From pwt at iosis.co.uk Sat Aug 1 06:02:18 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sat, 01 Aug 2009 06:02:18 +0100
Subject: Who will accept ID cards?
In-Reply-To: <8458D0A8-65EE-4B48-9449-6CF9509ABE32@batten.eu.org>
References: <4A7198CC.9040402@gmail.com> <4A719F2A.1030703@leonclarke.org> <4A71A604.3000707@bbk.ac.uk> <4A71E022.6090906@gmail.com> <4A7202F8.8010002@gmail.com> <4A720E1B.4090706@iosis.co.uk> <8458D0A8-65EE-4B48-9449-6CF9509ABE32@batten.eu.org>
Message-ID: <4A73CC5A.50101@iosis.co.uk>

Ian Batten wrote:
> bus installations of smart card readers are almost unimaginable
> outside London because of the (lack of a) regulatory framework.

There is a regulatory framework for smart ticketing on public transport, but it has been a little bit weak: the DfT has issued a master Licence to ITSO Ltd to authorise ITSO Ltd to use the government's ITSO technology to provide support goods and services and Licence ITSO compliant schemes to operate. The weakness is that ITSO Ltd is a Membership company limited by guarantee and really doesn't have any teeth. Indeed it cannot get the scheme Licence text agreed (and even DfT is fumbling in that area). DfT has now taken voting control of ITSO Ltd's Board (Members agreed that at an EGM in early June), but we still do not know what DfT intends to do with its new found powers.

There is a significant ITSO compliant scheme operating on buses in the North West - it's called NoWcard. Centro (West Midlands PTE) is developing a large scheme. There are a few other small schemes for buses.

Peter

From lists at internetpolicyagency.com Sat Aug 1 08:06:55 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sat, 1 Aug 2009 08:06:55 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A7198CC.9040402@gmail.com>
Message-ID:

In article , Ian Batten writes
>my recollection is that the banks had asked the government if Id card
>checks would discharge all 'know your customer' obligations for money
>laundering regs, and further if the government would indemnify if id
>cards were later found to be fake. no and no. so if the cards aren't
>believed in by the issuers, why should anyone else take them seriously.
>but I can't recall the origin of that story.

That seems to be directly contradicted by the Home Secretary in his "gas bills and six months of bank statements" quote this week.

A change of heart, or was he poorly briefed?
--
Roland Perry

From brg at gladman.plus.com Sat Aug 1 08:57:20 2009
From: brg at gladman.plus.com (Brian Gladman)
Date: Sat, 1 Aug 2009 08:57:20 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A7198CC.9040402@gmail.com>
Message-ID:

----- Original Message -----
From: "Roland Perry"
To:
Sent: Saturday, August 01, 2009 8:06 AM
Subject: Re: Who will accept ID cards?

> In article , Ian
> Batten writes
>>my recollection is that the banks had asked the government if Id card
>>checks would discharge all 'know your customer' obligations for money
>>laundering regs, and further if the government would indemnify if id cards
>>were later found to be fake. no and no. so if the cards aren't believed
>>in by the issuers, why should anyone else take them seriously. but I can't
>>recall the origin of that story.
>
> That seems to be directly contradicted by the Home Secretary in his "gas
> bills and six months of bank statements" quote this week.
>
> A change of heart, or was he poorly briefed?

The key issue that Peter has raised is the willingness of the government to underwrite any losses incurred by any party as a result of their reliance on an ID card that turns out to be a fake.
I would be truly amazed if the government agreed to do this as the potential losses are huge and essentially unbounded.

If he really did say this (did he?) then I suspect that he was badly briefed.

Brian Gladman

From lists at internetpolicyagency.com Sat Aug 1 12:40:17 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sat, 1 Aug 2009 12:40:17 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A7198CC.9040402@gmail.com>
Message-ID:

In article , Brian Gladman writes
>
>If he really did say this (did he?) then I suspect that he was badly
>briefed.

The BBC reports that he said:

"Given the growing problem of identity fraud and the inconvenience of having to carry passports, coupled with gas bills or six months worth of bank statements to prove identity, I believe the ID card will be welcomed as an important addition to the many plastic cards that most people already carry."

I suppose he didn't actually say that carrying gas bills wouldn't be necessary any longer, but the implication is there.

The Home Office is a little bolder and says that one of the key advantages is:

"creating one simple form of ID - bringing an end to the disorganised use of photocopied bank statements, phone bills and birth certificates"

[And also answers my other question: "offering a handy, wallet-sized travel document for use within Europe" & "The fact that it can be used as a passport when travelling in Europe will be an added advantage."]

http://www.homeoffice.gov.uk/about-us/news/id-card-image-unveiled

So perhaps the banks etc will have to admit the money laundering regs have been simply an excuse, and they have other reasons to want to know more about you than the ID card reveals.
(Just like the airlines want photo-ID more to enforce a ban on ticket reselling, than to prevent terrorism).

>The key issue that Peter has raised is the willingness of the
>government to underwrite any losses incurred by any party as a result
>of their reliance on an ID card that turns out to be a fake.

Which was a bit unrealistic - they don't ask for the same guarantee from the gas company, today, or from the government in case a Birth Certificate turns out to be a fake.
--
Roland Perry

From pwt at iosis.co.uk Sat Aug 1 21:59:20 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sat, 01 Aug 2009 21:59:20 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A736324.8070404@pelicancrossing.net>
References: <4A736324.8070404@pelicancrossing.net>
Message-ID: <4A74ACA8.6060601@iosis.co.uk>

Wendy M. Grossman wrote:
> Roland Perry wrote:
>> Putting aside all the issues of voluntary/compulsory etc, where will
>> people be able to use their ID cards?
>>
>> http://news.bbc.co.uk/1/hi/uk_politics/8175139.stm
>>
>> "Given the growing problem of identity fraud and the
>> inconvenience of having to carry passports, coupled with gas
>> bills or six months worth of bank statements to prove identity,
>> I believe the ID card will be welcomed as an important addition
>> to the many plastic cards that most people already carry."
>>
>
> This always baffles me. Exactly how often do we have to do this? It's
> hardly a daily necessity. Probably everyone has to produce these
> things once in a while when they're making a significant change like
> moving house, opening new bank or telephone accounts, etc. How
> frequent are these things?
>
> I hardly think the inconvenience is sufficient to warrant spending
> £100 a person to get rid of it.
>
> Nor do I understand what's so awful about carrying a passport
> occasionally. Hell, I travel with *two* of them without finding it a
> problem. I also cannot believe there's any chance of the ID card
> replacing a passport either.
> Is the UK govt going to keep updating ID
> cards to match ICAO requirements?

I don't see any sign of UK govt being fully committed to making the ID card compliant with the passport spec at the chip level, indeed I don't see any sign of a technical spec for the smart card part of the ID card at all, and certainly it isn't an eID card (with digital certificate).

However, there have been vague words about how your passport can double as an ID document for internal functions, yet there are no passport readers available on the open market, or any online passport verification service. (Singapore decreed a little while ago that all public sector smart card terminals shall be able to verify passports - but Singapore is a well organised state, albeit tiny. Maybe within the UK Scotland or Wales will get there first, and then declare UDI.)

(Then there is the EU's European Citizen Card project, of course.)

Peter

From amidgley at gmail.com Sat Aug 1 22:48:15 2009
From: amidgley at gmail.com (Adrian Midgley)
Date: Sat, 01 Aug 2009 22:48:15 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com>
Message-ID: <4A74B81F.3030901@gmail.com>

Ian Batten wrote:
> we have people with passes for our building who would not be eligible
> for a UK Id card (Japanese and USA citizens on short-term or visa
> waiver). I doubt we are alone in this.

I was assuming that if one is serious about the ID card that nobody is allowed through the gate without being given one.

>> I do not see why a passport would be needed after it had been used, at
>> entry, to get an identity card.

Not all ID cards are necessarily as potent tokens of permissions as some.

However ... this is wide of what I was suggesting, which is not that you could not accept a US passport if offered one, only that if the presumed holder of the US passport offered you a UK ID card, you would not be permitted to ask him for something else.
If he doesn't have an ID card, then the problems involved are different.

--
A

From amidgley at gmail.com Sat Aug 1 22:49:21 2009
From: amidgley at gmail.com (Adrian Midgley)
Date: Sat, 01 Aug 2009 22:49:21 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com>
Message-ID: <4A74B861.5040104@gmail.com>

Roland Perry wrote:
>> They want to know where you are _once you have defaulted_.
>
> And somewhere to send the bills, before you default.

As a first approximation, I'd expect them to send the bills to where they sent the gas.

--
A

From amidgley at gmail.com Sat Aug 1 22:53:13 2009
From: amidgley at gmail.com (Adrian Midgley)
Date: Sat, 01 Aug 2009 22:53:13 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A7306BF.9020806@bbk.ac.uk>
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A7306BF.9020806@bbk.ac.uk>
Message-ID: <4A74B949.5020505@gmail.com>

ken wrote:
> Adrian Midgley wrote:
>
>> This seems more likely to be achieved via a single national ID card,
>> with a
>> single national list of addresses, and a single national list of
>> people who
>> have asked for people's addresses, the latter being made available to the
>> people with the addresses, of course.
>
> So not only does every busdriver and banker have the machinery to read
> our cards but they also get informed of every change of address?
>
> So it's not just Nanny State and her blue-coated enforcers who track your
> every move it is every business in the country that pays a little
> licence fee for a card reader?
>

I'm channeling Ira Levin of course (This Perfect Day, not Rosemary's Baby).

However, if the bus driver has no need to know what my address is, why would he ask, and why would his machine ask?

For that matter, why is the driver involved? He gets a green light or a red light.
As for bankers and so on, I'd assume that the natural sequel to being encouraged to carry an ID card is that every official or business one meets demands to see it. The benefit to the citizen is to reduce the number of documents to carry to one, the benefit to the business is to outsource blame for identification, the state then protects, or does not protect the citizen's privacy according to its policies.

--
A

From pwt at iosis.co.uk Sun Aug 2 07:08:20 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sun, 02 Aug 2009 07:08:20 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A74B949.5020505@gmail.com>
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A7306BF.9020806@bbk.ac.uk> <4A74B949.5020505@gmail.com>
Message-ID: <4A752D54.80305@iosis.co.uk>

Adrian Midgley wrote:
> ken wrote:
>
>> Adrian Midgley wrote:
>>
>>> This seems more likely to be achieved via a single national ID card,
>>> with a
>>> single national list of addresses, and a single national list of
>>> people who
>>> have asked for people's addresses, the latter being made available to the
>>> people with the addresses, of course.
>>>
>> So not only does every busdriver and banker have the machinery to read
>> our cards but they also get informed of every change of address?
>>
>> So it's not just Nanny State and her blue-coated enforcers who track your
>> every move it is every business in the country that pays a little
>> licence fee for a card reader?
>>
>>
>
> I'm channeling Ira Levin of course (This Perfect Day, not Rosemary's Baby).
>
> However, if the bus driver has no need to know what my address is, why
> would he ask, and why would his machine ask?
>
> For that matter, why is the driver involved? He gets a green light or a
> red light.
>
> As for bankers and so on, I'd assume that the natural sequel to being
> encouraged to carry an ID card is that every official or business one
> meets demands to see it.
> The benefit to the citizen is to reduce the
> number of documents to carry to one, the benefit to the business is to
> outsource blame for identification, the state then protects, or does not
> protect the citizen's privacy according to its policies.

Data protection: only those who need to know can have personal details, and they must keep them secure, particularly when stored in electronic form.

The bus passes used in the UK are issued by Local Authorities - so having an electronic record of the address of a bus pass holder is no business of the bus operator during normal operation. The LA is responsible for dealing with fraudulent use, and the bus operator should check against a hot list of bad [1] bus passes when deciding to let a pass holder travel (no, the list on the bus will never be big enough to catch every bad card, and indeed there are discussions going on about governance, i.e. how to prioritise the entries in the full list).

The English bus pass (ENCTS) [2] is an entitlement card, and so all of that which is stored in it that is available to the reader on the bus is evidence of entitlement, serial number, and the identifier of the authority that issued the pass - indeed, that information is freely readable (with the Mifare Classic card type, which is what is used today for most of the 8M passes, you do need the common read keys, but those are not difficult to get hold of). The name of the holder, photo and serial number are on the face of the card, with contact information about the issuer on the back (and the issuer logo on the front). In case of suspected infringement, the bus operator must refer back to the pass issuer in order to be able to find contact details for the pass holder.

There are (as specified in the ITSO spec [3]) defined fields in the dataset for name, date of birth, and gender, but they must not be populated (and, hopefully, none of the Local Authorities issuing the cards have made the mistake of populating them).
LAs may use spare space in the chip for other purposes, but any personal data stored there must be protected by adequate security mechanisms. In principle there can be other ticket products stored in the card, but I doubt that any of the cards yet have them and they must also be defined and used in compliance with data protection principles.

(The ICO has been involved in ensuring that all of this is made clear, as a result of a misleading guidance document published by DfT - the document has been changed.)

Peter

[1] 'bad' is a sloppy term, because there is a developing set of rules about hot listing and thankfully I'm not involved in that discussion.
[2] For David H, basically the same in Scotland. For the Welsh, basically the same there as well.
[3] www.itso.org.uk - look in the spec for TYP16 IPE

From pwt at iosis.co.uk Sun Aug 2 07:36:15 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Sun, 02 Aug 2009 07:36:15 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A74B861.5040104@gmail.com>
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A74B861.5040104@gmail.com>
Message-ID: <4A7533DF.5080605@iosis.co.uk>

Adrian Midgley wrote:
> Roland Perry wrote
>>> They want to know where you are _once you have defaulted_.
>>>
>> And somewhere to send the bills, before you default.
>>
> As a first approximation, I'd expect them to send the bills to where
> they sent the gas.

Some years ago my gas account was stolen by a rogue gas supplier who moved it to the name of a person who I had and have never otherwise heard of. In the course of resolving this (in which both the incumbent supplier and the rogue one initially behaved very badly [1]), I learned that utility accounts belong to the premises. Of course a supplier is always very keen to have someone to whom bills can be sent, i.e. to know who is responsible for the premises.
(The management of that rogue gas supplier has changed and hopefully the cheating condoned by the previous management has stopped, but I tell every energy utility person who rings my doorbell that the mechanism governing privatised gas and electricity supply is fundamentally flawed and that the DTI energy utilities team didn't even know what I was talking about when I complained to them - some of these sales people admit that they hear the same story of fraud from others. But the DTI is gone now. Why did some parts of the civil service become so incompetent?)

In the past, debt collectors have sometimes called at houses in this street in the hope of finding out current contact information about people who have moved out of the street and left debts behind. It doesn't seem to happen now - perhaps all of us living here now are honest.

Peter

[1] So that I came very close to using personal contacts, as the then Mrs Gas Regulator is a distant cousin of a friend.

PS It seems that Reply-To in ukcrypto email headers that originate from Adrian's postings is routinely listing both the original sender (Adrian) and the list server. What the...?

From lists at internetpolicyagency.com Sun Aug 2 09:11:07 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 2 Aug 2009 09:11:07 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A74B861.5040104@gmail.com>
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A74B861.5040104@gmail.com>
Message-ID:

In article <4A74B861.5040104 at gmail.com>, Adrian Midgley writes
>>> They want to know where you are _once you have defaulted_.
>>
>> And somewhere to send the bills, before you default.
>
>As a first approximation, I'd expect them to send the bills to where
>they sent the gas.

The supplier in this case is likely to be of financial services, the gas bill is merely evidence of address.
--
Roland Perry

From lists at internetpolicyagency.com Sun Aug 2 09:18:38 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 2 Aug 2009 09:18:38 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A74B949.5020505@gmail.com>
References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A7306BF.9020806@bbk.ac.uk> <4A74B949.5020505@gmail.com>
Message-ID:

In article <4A74B949.5020505 at gmail.com>, Adrian Midgley writes
>> So not only does every busdriver and banker have the machinery to read
>> our cards but they also get informed of every change of address?
>>
>> So it's not just Nanny State and her blue-coated enforcers who track your
>> every move it is every business in the country that pays a little
>> licence fee for a card reader?
>
>However, if the bus driver has no need to know what my address is, why
>would he ask, and why would his machine ask?

His machine needs to ask about my entitlements, which are [only] held centrally (we have discussed the pitfalls of attempting to hold them on the ID card).

There are many other tradespeople who need to know my address (eg so they can send me bills for financial services) and therefore the system for enquiring from the central database would undoubtedly have to provide it to any tradesperson, and it seems unlikely they'd bother to exclude bus companies (who might occasionally be selling me annual season tickets) from that.

>For that matter, why is the driver involved? He gets a green light or a
>red light.

But mission creep exists, and there's particular reason that the machine couldn't also flash up the passenger's address.
--
Roland Perry

From lists at internetpolicyagency.com Sun Aug 2 09:37:56 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 2 Aug 2009 09:37:56 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A74B81F.3030901@gmail.com>
References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com>
Message-ID:

In article <4A74B81F.3030901 at gmail.com>, Adrian Midgley writes
>> we have people with passes for our building who would not be eligible
>> for a UK Id card (Japanese and USA citizens on short-term or visa
>> waiver). I doubt we are alone in this.
>
>I was assuming that if one is serious about the ID card that nobody is
>allowed through the gate without being given one.

While you could force everyone applying for a UK visa to in effect get a "visitors ID card", there are plenty of people (not least other Europeans) who don't need visas.

>>> I do not see why a passport would be needed after it had been used, at
>>> entry, to get an identity card.
>
>Not all ID cards are necessarily as potent tokens of permissions as some.

But if you are disallowing all other ID-based tokens (ie tokens linked to a certain individual), they have to be as potent as the most potent place you could ever require ID-based entry to. A newly vetted recruit reporting for work at Thames House, maybe?

>However ... this is wide of what I was suggesting,

You said "It shall be an offence to request any other or additional form of identification if a national ID card is presented", and I've interpreted that to mean you would force all possible transaction points to accept a national ID card, because it's possible to *present* such a card at any time, irrespective of whether or not there's currently the ability to accept a national ID card at all.

For example, at the reception desk of a hospital ward, a health professional might today want to show their NHS ID to gain admission. But it's *possible* to wave a national ID card at them, so they wouldn't be allowed to ask for more than that.

>which is not that you
>could not accept a US passport if offered one, only that if the presumed
>holder of the US passport offered you a UK ID card, you would not be
>permitted to ask him for something else.

[Would that also work at the counter at the US embassy where you were renewing your US passport - or is that bit of London not covered by your law? I do love corner cases :) ]
--
Roland Perry

From amidgley at gmail.com Sun Aug 2 11:16:02 2009
From: amidgley at gmail.com (Adrian Midgley)
Date: Sun, 02 Aug 2009 11:16:02 +0100
Subject: Who will accept ID cards?
In-Reply-To:
References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com>
Message-ID: <4A756762.8040407@gmail.com>

Roland Perry wrote:
> You said "It shall be an offence to request any other or additional form
> of identification if a national ID card is presented", and I've
> interpreted that to mean you would force all possible transaction points
> to accept a national ID card, because it's possible to *present* such a
> card at any time, irrespective of whether or not there's currently the
> ability to accept a national ID card at all.
>
> For example, at the reception desk of a hospital ward, a health
> professional might today want to show their NHS ID to gain admission.
> But it's *possible* to wave a national ID card at them, so they wouldn't
> be allowed to ask for more than that.

If you have it, you can wave it.

So they need to be ready to let people do or have whatever it is that they want to know about entitlement to.

Practically, I'd think that any sensible organisation will adopt a reliable system that is provided for them.

I don't see the point of a State setting up an ID card that people within or subject to that state are free to deny demonstrates identity.
And returning again to the point I think is key, of a State providing a service to its inhabitants, selling people a system that means they need not be bothered by anyone else's (often very stupid) system is a service. Requiring them to carry yet another system that only works sometimes is the opposite.

If the State is going to play, then let us have _service_ from it.

--
A

From lists at internetpolicyagency.com Sun Aug 2 11:42:03 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Sun, 2 Aug 2009 11:42:03 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A736324.8070404@pelicancrossing.net>
References: <4A736324.8070404@pelicancrossing.net>
Message-ID:

In article <4A736324.8070404 at pelicancrossing.net>, Wendy M. Grossman writes
>Roland Perry wrote:
>> Putting aside all the issues of voluntary/compulsory etc, where will
>> people be able to use their ID cards?
>> http://news.bbc.co.uk/1/hi/uk_politics/8175139.stm
>> "Given the growing problem of identity fraud and the
>> inconvenience of having to carry passports, coupled with gas
>> bills or six months worth of bank statements to prove identity,
>> I believe the ID card will be welcomed as an important addition
>> to the many plastic cards that most people already carry."
>
>This always baffles me. Exactly how often do we have to do this? It's
>hardly a daily necessity. Probably everyone has to produce these things
>once in a while when they're making a significant change like moving
>house, opening new bank or telephone accounts, etc. How frequent are
>these things?

I was in Carphonewarehouse the other week, and the chap in front of me (who fitted the "self employed builder" stereotype) was trying to get an iPhone on contract.

The assistant was politely explaining how the credit reference, for whoever he purported to be, had come back on the VDU as "ask for ID" (shouldn't they all??)
and the buyer was explaining how he didn't have his driving licence with him right now, because it was away "getting some points added".

He also explained that if he encountered much more of "this nonsense" he was likely to emigrate[1] - just the kind of person to give a brand new phone to... (There is a no-ID solution though [2])

So I suppose there are a few impulse purchases where some sort of ID is required, although "purchase" is perhaps the wrong word.

The last time I was sent scurrying for gas bills to prove where I lived, was when hiring an accountant to do my books (they were, of course, already sat in the house in question, because I work from home).

>I hardly think the inconvenience is sufficient to warrant spending £100
>a person to get rid of it.

They are warming us up [see: frogs, boiling] by only charging £30 at the moment.

>Nor do I understand what's so awful about carrying a passport
>occasionally. Hell, I travel with *two* of them without finding it a
>problem.

As a frequent traveller myself, carrying a passport is essential, and you get used to it (but it doesn't include my address, of course).

For commerce, maybe another solution would be a laminated set of gas bills, that you could keep in a safe place, and carry with you when you expected to be opening "new accounts" of one sort or another.

That's actually not very different from the Home Office's ID scheme of ten years ago - find a commercial entity that believes in you (and a critical mass of others), then piggyback on that: "if the gas board believes who you are, HMG will too".

>I also cannot believe there's any chance of the ID card replacing a
>passport either. Is the UK govt going to keep updating ID cards to
>match ICAO requirements?

We must ask the Home Office:

"Home Secretary Alan Johnson said that the cards will allow people to prove and protect their identity in a quick, simple and secure way....
the fact that it can be used as a passport when travelling in Europe will be an added advantage."

http://www.homeoffice.gov.uk/about-us/news/id-card-image-unveiled

[1] Perhaps he had Spain in mind, where aiui carrying ID is compulsory.

[2] In the mid-90s I worked briefly for Vodafone, originally on speccing an SMS<>email gateway; the technology was fine but it floundered on the same revenue issues as bedevilled inter-network SMS at the time. So I spent a while with the team implementing ... PAYG phones.
--
Roland Perry

From brg at gladman.plus.com Sun Aug 2 11:45:57 2009
From: brg at gladman.plus.com (Brian Gladman)
Date: Sun, 2 Aug 2009 11:45:57 +0100
Subject: Who will accept ID cards?
In-Reply-To: <4A756762.8040407@gmail.com>
References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com>
Message-ID:

----- Original Message -----
From: "Adrian Midgley"
To: "UK Cryptography Policy Discussion Group"
Sent: Sunday, August 02, 2009 11:16 AM
Subject: Re: Who will accept ID cards?

> And returning again to the point I think is key, of a State providing a
> service to its inhabitants, selling people a system that means they need
> not be bothered by anyone else's (often very stupid) system is a service.
> Requiring them to carry yet another system that only works sometimes is
> the opposite.
>
> If the State is going to play, then let us have _service_ from it.

I would prefer that the State did not play at all since it has repeatedly demonstrated its incompetence in such matters as well as its shameless dishonesty in attempting to sell a population surveillance and control system as something entirely different.

"If it looks like a duck, swims like a duck and quacks like a duck, then it probably is a duck"

Brian Gladman
http://www.eset.com From lists at internetpolicyagency.com Sun Aug 2 12:00:20 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Sun, 2 Aug 2009 12:00:20 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A756762.8040407@gmail.com> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> Message-ID: In article <4A756762.8040407 at gmail.com>, Adrian Midgley writes >> For example, at the reception desk of a hospital ward, a health >> professional might today want to show their NHS ID to gain admission. >> But it's *possible* to wave a national ID card at them, so they wouldn't >> be allowed to ask for more than that. > >If you have it, you can wave it. > >SO they need to be ready to let people do or have whatever it is that >they want to know about entitlement to. > >Practically, I'd think that any sensible orgnaisation will adopt a >reliable system that is provided for them. I don't see why the NHS should be burdened by having National ID Card readers in every ward. >I don't see the point of a State setting up an ID card that people >within or subject to that state are free to deny demonstrates identity. I think we've established that it's *entitlements* that need to be demonstrated, most of the time, not *identity*. (Although when you establish the entitlement, that may require proof of identity). -- Roland Perry From amidgley at gmail.com Sun Aug 2 12:13:09 2009 From: amidgley at gmail.com (Adrian Midgley) Date: Sun, 02 Aug 2009 12:13:09 +0100 Subject: Who will accept ID cards? In-Reply-To: References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> Message-ID: <4A7574C5.9030900@gmail.com> Brian Gladman wrote: >> If the State is going to play, then let us have _service_ from it. 
> > I would prefer that the State did not play at all since it has > repeatedly demonstrated its incompetence in such matters as well as its > shameless dishonesty in attempting to sell a population surveillance and > control system as something entirely different. I'll also settle for that, but I suspect it is a core function of a State. From brg at gladman.plus.com Sun Aug 2 14:52:15 2009 From: brg at gladman.plus.com (Brian Gladman) Date: Sun, 2 Aug 2009 14:52:15 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A7574C5.9030900@gmail.com> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <4A7574C5.9030900@gmail.com> Message-ID: ----- Original Message ----- From: "Adrian Midgley" To: "UK Cryptography Policy Discussion Group" Sent: Sunday, August 02, 2009 12:13 PM Subject: Re: Who will accept ID cards? > Brian Gladman wrote: > >>> If the State is going to play, then let us have _service_ from it. >> >> I would prefer that the State did not play at all since it has >> repeatedly demonstrated its incompetence in such matters as well as its >> shameless dishonesty in attempting to sell a population surveillance and >> control system as something entirely different. > > I'll also settle for that, but I suspect it is a core function of a State. Maybe - but only because our particular State is trying very hard to make it so because it truly wants its population surveillance and control system. Were it not our unnecessarily intrusive State, I suspect the need to offer independent identity verification to those with whom I wish (or need) to establish a relationship would be really very rare. Most of the relationships I need are either anonymous or of the form 'has this person, whoever they are, been here before'. Brian Gladman
From davidh at spidacom.co.uk Sun Aug 2 15:31:09 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Sun, 02 Aug 2009 15:31:09 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A752D54.80305@iosis.co.uk> References: , <4A74B949.5020505@gmail.com>, <4A752D54.80305@iosis.co.uk> Message-ID: <4A75B13D.32703.1404EC7@davidh.spidacom.co.uk> On 2 Aug 2009 at 7:08, Peter Tomlinson wrote: > There are (as specified in the ITSO spec [3]) defined fields in the > dataset for name, date of birth, and gender, Why? Was it a "mistake" or part of some grand plan? > but they must not be > populated (and, hopefully, none of the Local Authorities issuing the cards > have made the mistake of populating them). You have a much higher opinion of councils than I do. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From davidh at spidacom.co.uk Sun Aug 2 15:32:34 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Sun, 02 Aug 2009 15:32:34 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A74ACA8.6060601@iosis.co.uk> References: , <4A736324.8070404@pelicancrossing.net>, <4A74ACA8.6060601@iosis.co.uk> Message-ID: <4A75B192.32112.1419ABF@davidh.spidacom.co.uk> On 1 Aug 2009 at 21:59, Peter Tomlinson wrote: > However, there have been vague words about how your passport can double as > an ID document for internal functions, yet there are no passport readers > available on the open market, or any online passport verification service. > (Singapore decreed a little while ago that all public sector smart card > terminals shall be able to verify passports - but Singapore is a well > organised state, albeit tiny. Maybe within the UK Scotland or Wales will > get there first, and then declare UDI.) Given the position of the current Scottish Government this is most unlikely. If the Labour Party slimeballs get back in then this might change.
-- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From davidh at spidacom.co.uk Sun Aug 2 15:35:13 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Sun, 02 Aug 2009 15:35:13 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A74B861.5040104@gmail.com> References: , , <4A74B861.5040104@gmail.com> Message-ID: <4A75B231.1661.1440806@davidh.spidacom.co.uk> On 1 Aug 2009 at 22:49, Adrian Midgley wrote: > > And somewhere to send the bills, before you default. > > As a first approximation, I'd expect them to send the bills to where > they sent the gas. Only for some plebs. With larger organisations (and some plebs) the bills and gas are highly likely to go to different places. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From rl.hird at orpheusmail.co.uk Sun Aug 2 12:37:58 2009 From: rl.hird at orpheusmail.co.uk (Roger Hird) Date: Sun, 02 Aug 2009 12:37:58 +0100 Subject: Who will accept ID cards? In-Reply-To: References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> Message-ID: <50847d4ca3rl.hird@orpheusmail.co.uk> In article , Roland Perry wrote: > I think we've established that it's *entitlements* that need to be > demonstrated, most of the time, not *identity*. My own experience only covers two types of problem - getting a parking pass from my borough council, where they seem to want details of the car linked in some way to you - and the usual gas bill type stuff to link you to the address - it's an odd mixture of identity entitlement. The other one - and a more frequent problem - is the "money laundering" check that banks, building societies etc carry out when you open an account with them. This is certainly what I'd call identity. 
RogerH -- Roger Hird rl.hird at orpheusmail.co.uk Website: http://roger.hird.orpheusweb.co.uk From davidh at spidacom.co.uk Sun Aug 2 17:30:05 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Sun, 02 Aug 2009 17:30:05 +0100 Subject: Who will accept ID cards? In-Reply-To: <50847d4ca3rl.hird@orpheusmail.co.uk> References: , , <50847d4ca3rl.hird@orpheusmail.co.uk> Message-ID: <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk> On 2 Aug 2009 at 12:37, Roger Hird wrote: > The other one - and a more frequent problem - is the "money laundering" > check that banks, building societies etc carry out when you open an > account with them. This is certainly what I'd call identity. I'd call it gathering personal information for their marketing department, and the marketing departments of those they will sell this personal information to. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From rl.hird at orpheusmail.co.uk Sun Aug 2 17:47:08 2009 From: rl.hird at orpheusmail.co.uk (Roger Hird) Date: Sun, 02 Aug 2009 17:47:08 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk> References: <50847d4ca3rl.hird@orpheusmail.co.uk> <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk> Message-ID: <5084999ae9rl.hird@orpheusmail.co.uk> In article <4A75CD1D.24833.1AD310C at davidh.spidacom.co.uk>, David Hansen wrote: > > The other one - and a more frequent problem - is the "money laundering" > > check that banks, building societies etc carry out when you open an > > account with them. This is certainly what I'd call identity. > I'd call it gathering personal information for their marketing > department, and the marketing departments of those they will sell this > personal information to. Are they allowed to do that under the DPA without one's ticking a box? 
-- Roger Hird rl.hird at orpheusmail.co.uk Website: http://roger.hird.orpheusweb.co.uk From matthew at pemble.net Sun Aug 2 16:19:53 2009 From: matthew at pemble.net (Matthew Pemble) Date: Sun, 2 Aug 2009 16:19:53 +0100 Subject: Who will accept ID cards? In-Reply-To: References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> Message-ID: 2009/8/2 Roland Perry > In article <4A74B81F.3030901 at gmail.com>, Adrian Midgley < > amidgley at gmail.com> writes > >> which is not that you >> could not accept a US passport if offered one, only that if the presumed >> holder of the US passport offered you a UK ID card, you would not be >> permitted to ask him for something else. >> > > [Would that also work at the counter at the US embassy where you were > renewing your US passport - or is that bit of London not covered by your > law? I do love corner cases :) ] > Indeed, that bit of London would not be covered by the law - it is legally part of the USA, as does any embassy belong to its home nation and their laws apply, not those of the host country. I have no idea whether the same (I assume it is the Vienna Convention and am too lazy to google it) applies to the High Commissions of Commonwealth countries. -- Matthew Pemble Technical Director, Idrach Ltd Mobile: +44 (0) 7595 652175 Office: + 44 (0) 1324 820690 From pwt at iosis.co.uk Sun Aug 2 18:04:53 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 02 Aug 2009 18:04:53 +0100 Subject: Who will accept ID cards?
In-Reply-To: <4A75B13D.32703.1404EC7@davidh.spidacom.co.uk> References: , <4A74B949.5020505@gmail.com>, <4A752D54.80305@iosis.co.uk> <4A75B13D.32703.1404EC7@davidh.spidacom.co.uk> Message-ID: <4A75C735.5040501@iosis.co.uk> David Hansen wrote: > On 2 Aug 2009 at 7:08, Peter Tomlinson wrote: > >> There are (as specified in the ITSO spec [3]) defined fields in the >> dataset for name, date of birth, and gender, >> > Why? Was it a "mistake" or part of some grand plan? > The claim was that someone might want to use them. The dispute about this is ongoing... >> but they must not be >> populated (and, hopefully, none of the Local Authorities issuing the cards >> have made the mistake of populating them). >> > You have a much higher opinion of councils than I do. No, I don't. But I do know the companies that have produced most of the ENCTS cards and initially held (at least copies of) the databases, and they have been trying to keep the LAs in order. Talk about the nanny state... (in this case it's the private sector that has to do the nannying). Peter PS David, you have also triggered a 'Reply-To' record with your email address as well as the address of the ukcrypto list server. From davidh at spidacom.co.uk Sun Aug 2 18:26:38 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Sun, 02 Aug 2009 18:26:38 +0100 Subject: Who will accept ID cards? In-Reply-To: <5084999ae9rl.hird@orpheusmail.co.uk> References: , <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk>, <5084999ae9rl.hird@orpheusmail.co.uk> Message-ID: <4A75DA5E.9644.1E0F628@davidh.spidacom.co.uk> On 2 Aug 2009 at 17:47, Roger Hird wrote: > > I'd call it gathering personal information for their marketing > > department, and the marketing departments of those they will sell this > > personal information to. > > Are they allowed to do that under the DPA without one's ticking a box? I can't ever recall a bank having an opt-in box on a form.
They sometimes don't even have an opt-out box, but instead say that if you don't want to be spammed you must contact them separately. Anyway banks are too arrogant to bother about data protection of plebs and the regulator can't be bothered to regulate them. Government has recently mortgaged our grandchildren's future in order to bail out the banks from their own stupidity, stupidity which was known about before the sky fell in (despite the claims of many to the contrary). -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From lists at internetpolicyagency.com Sun Aug 2 19:11:19 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Sun, 2 Aug 2009 19:11:19 +0100 Subject: Who will accept ID cards? In-Reply-To: <50847d4ca3rl.hird@orpheusmail.co.uk> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <50847d4ca3rl.hird@orpheusmail.co.uk> Message-ID: In article <50847d4ca3rl.hird at orpheusmail.co.uk>, Roger Hird writes >> I think we've established that it's *entitlements* that need to be >> demonstrated, most of the time, not *identity*. > >My own experience only covers two types of problem - getting a parking >pass from my borough council, where they seem to want details of the car >linked in some way to you - and the usual gas bill type stuff to link >you to the address The National ID card isn't likely to help much there - it doesn't include your car details. But once you've proven your entitlement by a mixture of personal and vehicle details, the parking pass probably doesn't need linking to you when in use (any more than your tax disc has your name on). >The other one - and a more frequent problem - is the "money laundering" >check that banks, building societies etc carry out when you open an >account with them. This is certainly what I'd call identity.
And is the one that the Home Secretary is presumably referring to. Just as long as he agrees that, from now on, that check is satisfied completely by presenting a National ID card. (Sounds like material for a PQ). -- Roland Perry From igb at batten.eu.org Sun Aug 2 20:38:54 2009 From: igb at batten.eu.org (Ian Batten) Date: Sun, 2 Aug 2009 20:38:54 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A74B861.5040104@gmail.com> References: <4A71ADA5.4010605@iosis.co.uk> <4A7203E5.20804@gmail.com> <140bfd110907310226k2412ebc5n5605d8ce0bc98310@mail.gmail.com> <4A74B861.5040104@gmail.com> Message-ID: <9C661FA4-4EBD-4C83-82D5-6B1D89569797@batten.eu.org> there are many reasons for this not to be true. gas supplied to people who are the subjects of powers of attorney, for one. ian (mobile, sorry for typos) On 1 Aug 2009, at 22:49, Adrian Midgley wrote: > Roland Perry wrote: > >>> They want to know where you are _once you have defaulted_. >> >> And somewhere to send the bills, before you default. > > > As a first approximation, I'd expect them to send the bills to where > they sent the gas. > > > -- > A > > From pwt at iosis.co.uk Sun Aug 2 22:51:55 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 02 Aug 2009 22:51:55 +0100 Subject: Who will accept ID cards? In-Reply-To: References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <50847d4ca3rl.hird@orpheusmail.co.uk> Message-ID: <4A760A7B.3020301@iosis.co.uk> Roland Perry wrote: > In article <50847d4ca3rl.hird at orpheusmail.co.uk>, Roger Hird > writes > >>> I think we've established that it's *entitlements* that need to be >>> demonstrated, most of the time, not *identity*.
>> >> My own experience only covers two types of problem - getting a parking >> pass from my borough council, where they seem to want details of the car >> linked in some way to you - and the usual gas bill type stuff to >> link you to the address > > The National ID card isn't likely to help much there - it doesn't > include your car details. But once you've proven your entitlement by a > mixture of personal and vehicle details, the parking pass probably > doesn't need linking to you when in use (any more than your tax disc > has your name on). > >> The other one - and a more frequent problem - is the "money laundering" >> check that banks, building societies etc carry out when you open an >> account with them. This is certainly what I'd call identity. > > And is the one that the Home Secretary is presumably referring to. > Just as long as he agrees that, from now on, that check is satisfied > completely by presenting a National ID card. (Sounds like material for > a PQ). But the card cannot be securely verified by the bank, solicitor, energy supply utility, FE college, doctor.... Using the McNulty call centre is a joke. Time to let it all hang out. The verification problem was repeatedly identified during 2004/5 at the Cabinet Office eGovt Unit Working Group meetings (representatives from numerous govt depts, eGU staff, and invited technical experts), and we got very fed up with banging our heads against the brick wall of Home Office - Cabinet Office quietly terminated the cycle of meetings. There had also been one-on-one groups between individual govt depts and HO, with the same null result (I was an attendee at the DfT group when HO person arrived with PA Consultants person, and quietly the PA person admitted to me that there was no smart card technology expert in their group - more recently PA has told me, in a different context, that they are management consultants, not technical, and they don't subcontract so as to be able to handle technical stuff). 
As I said at the time, the ID card project is empty at the level of card design and use. The 2006 revamp, although it brought in DWP expertise, hasn't, as far as I can see, resolved that standoff: the verification problem doesn't seem to have been progressed even though numerous other EU countries have developed or are developing ways of implementing on-line verification together with functions useful to the citizen. Peter From rl.hird at orpheusmail.co.uk Mon Aug 3 00:47:01 2009 From: rl.hird at orpheusmail.co.uk (Roger Hird) Date: Mon, 03 Aug 2009 00:47:01 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A760A7B.3020301@iosis.co.uk> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <50847d4ca3rl.hird@orpheusmail.co.uk> <4A760A7B.3020301@iosis.co.uk> Message-ID: <5084c00c02rl.hird@orpheusmail.co.uk> In article <4A760A7B.3020301 at iosis.co.uk>, Peter Tomlinson wrote: > (I was an attendee at the DfT group when HO person arrived with PA > Consultants person, and quietly the PA person admitted to me that there > was no smart card technology expert in their group - more recently PA > has told me, in a different context, that they are management > consultants, not technical, and they don't subcontract so as to be able > to handle technical stuff). It is some years since I was involved with using PA - and I guess what you get from them is what you specify in the contract - but certainly when dealing with them they did have the tech capability to handle pretty clever things or could recruit/sub contract to bring capability in - but I guess if the HO thought they could do it themselves they wouldn't include that in the PA contract. Having said that, at their best PA, unlike most other consultants, would walk away from jobs that clearly weren't appropriately technically supported - knowing that they would get the blame when things went wrong. 
-- Roger Hird rl.hird at orpheusmail.co.uk Website: http://roger.hird.orpheusweb.co.uk From igb at batten.eu.org Mon Aug 3 07:00:29 2009 From: igb at batten.eu.org (Ian Batten) Date: Mon, 3 Aug 2009 07:00:29 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk> References: , , <50847d4ca3rl.hird@orpheusmail.co.uk> <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk> Message-ID: you'd be wrong. marketing departments don't need strong Id, and know your customer is all cost. if it were not cost, government wouldn't need to mandate it. ian (mobile, sorry for typos) On 2 Aug 2009, at 17:30, "David Hansen" wrote: > On 2 Aug 2009 at 12:37, Roger Hird wrote: > >> The other one - and a more frequent problem - is the "money >> laundering" >> check that banks, building societies etc carry out when you open an >> account with them. This is certainly what I'd call identity. > > I'd call it gathering personal information for their marketing > department, and the marketing departments of those they will sell this > personal information to. > > > > > > -- > David Hansen, Edinburgh > I will *always* explain revoked encryption keys, unless RIP prevents > me > http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 > > > From davidh at spidacom.co.uk Mon Aug 3 08:34:59 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Mon, 03 Aug 2009 08:34:59 +0100 Subject: Who will accept ID cards? In-Reply-To: References: , <4A75CD1D.24833.1AD310C@davidh.spidacom.co.uk>, Message-ID: <4A76A133.28234.4E9A611@davidh.spidacom.co.uk> On 3 Aug 2009 at 7:00, Ian Batten wrote: > > I'd call it gathering personal information for their marketing > > department, and the marketing departments of those they will sell this > > personal information to. > you'd be wrong. marketing departments don't need strong Id, You will have to be a little more convincing than that. 
Things like date of birth and gas supplier are very useful in building up a marketing profile for one's own use and for sale. This is easily tested by making subtle "mistakes" and seeing how one is then spammed. We are talking about banks here, organisations which are about as honest as the Home Office. > and know > your customer is all cost. if it were not cost, government wouldn't > need to mandate it. In a simplistic world. In a more realistic world banks would have liked to gather this marketing information, but knew that those who tried would lose customers to those who did not [1]. Then along comes government and, presumably with a lot of input from banks, makes it compulsory to gather this marketing information. The banks, like ISPs, now have the perfect excuse, they are only obeying orders. An ideal situation, for the banks. [1] the various attempts to steal money from people for taking their own money out of a bank, when the bank has closed or reduced counters and encouraged people to stand in the rain, are an example of the same sort of thing. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From k.brown at bbk.ac.uk Mon Aug 3 12:25:11 2009 From: k.brown at bbk.ac.uk (ken) Date: Mon, 03 Aug 2009 12:25:11 +0100 Subject: Who will accept ID cards? In-Reply-To: References: <4A736324.8070404@pelicancrossing.net> Message-ID: <4A76C917.5020606@bbk.ac.uk> Wendy M. Grossman: > This always baffles me. Exactly how often do we have > to do this? It's hardly a daily necessity. Probably > everyone has to produce these things once in a > while when they're making a significant change like > moving house, opening new bank or telephone accounts, > etc. How > frequent are these things? The last time I remember having to take documents to show who I am was maybe three or four years ago.
I had just borrowed a five-figure sum from a bank, arranged by phone and they wouldn't release the cash until I turned up in person. I've more than once borrowed a three- or four-figure amount by phone and had it transferred straight to my account. I've also had to do the gas-bill thing at the post-office to collect undelivered mail (the semi-privatised bits of the post seem to have a blank spot in their databases around our house so we get cards delivered through our letterbox by the ordinary mail saying that a packet could not be delivered because the address doesn't exist!) But they were explicit that all they wanted was proof of address, not "identity". I suppose their mission must be to deliver the mail to an address, not a person. So I and my daughter can collect each other's mail on producing a couple of bills or official documents addressed to the house without our names on. From k.brown at bbk.ac.uk Mon Aug 3 13:39:57 2009 From: k.brown at bbk.ac.uk (ken) Date: Mon, 03 Aug 2009 13:39:57 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A719F2A.1030703@leonclarke.org> References: <4A7198CC.9040402@gmail.com> <4A719F2A.1030703@leonclarke.org> Message-ID: <4A76DA9D.7040505@bbk.ac.uk> Peter Tomlinson wrote: >> Just as long as he agrees that, from now on, that check >> is satisfied completely by presenting a National ID card. > > But the card cannot be securely verified by the bank, > solicitor, energy supply utility, FE college, doctor.... > Using the McNulty call centre is a joke. I think this is the exact point I was trying to make earlier, but obviously I didn't express myself well enough. And as far as I can see it makes the whole ID card scheme worse than useless from an "identity theft" point of view. If all and sundry have easy online access to the details they need then there is the possibility, more likely a certainty, of a huge leakage of personal information to everyone from banks to bus companies.
But if there is no easy online access then the card basically reverts to being a simple photocard. All it asserts is that the person who owns it looks vaguely like the person presenting it. And if it becomes generally used like that then we have a single point of failure for "identity theft". I used "identity theft" in scare quotes because of course much, maybe most, so-called identity theft, is really just fraud. Conceptually no different to passing bad checks. A forges B's signature (or other token) to persuade C to give them some money or other goods that ought to have gone to B. The loss ought to be C's, because they are at fault in not checking who A was properly. The person whose "identity" is "stolen", B, ought to be merely inconvenienced, and ought to get their money back. And banks are constantly trying to wriggle out of that of course. But the media hype about "identity theft" is designed to make us afraid that someone is going to take all our "identity" away, to be able to pretend to be us at all times and all places. That might happen now and again but it is rare. And id cards make it MORE likely, not less. Come to think of it compulsory ID cards shift the power to the banks and the risk to their customers even more than chip & pin does. If they have to accept an ID card by law then presumably they have to turn your money over to someone who presents a plausible card. > Time to let it all hang out. The verification problem was > repeatedly identified during 2004/5 at the Cabinet Office > eGovt Unit Working Group meetings (representatives from > numerous govt depts, eGU staff, and invited technical > experts), and we got very fed up with banging our heads > against the brick wall of Home Office - Cabinet Office quietly > terminated the cycle of meetings. 
There had also been one-on-one > groups between individual govt depts and HO, with > the same null result (I was an attendee at the DfT group > when HO person arrived with PA Consultants person, and > quietly the PA person admitted to me that there was no > smart card technology expert in their group - more recently > PA has told me, in a different context, that they are > management consultants, not technical, and they don't > subcontract so as to be able to handle technical stuff). As I > said at the time, the ID card project is empty at the level of > card design and use. The 2006 revamp, although it brought > in DWP expertise, hasn't, as far as I can see, resolved that > standoff: the verification problem doesn't seem to have > been progressed even though numerous other EU countries > have developed or are developing ways of implementing on-line > verification together with functions useful to the > citizen. From lists at internetpolicyagency.com Mon Aug 3 14:30:06 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 3 Aug 2009 14:30:06 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A76C917.5020606@bbk.ac.uk> References: <4A736324.8070404@pelicancrossing.net> <4A76C917.5020606@bbk.ac.uk> Message-ID: In article <4A76C917.5020606 at bbk.ac.uk>, ken writes >I've also had to do the gas-bill thing at the post-office to collect >undelivered mail ... >But they were explicit that all they wanted was proof of address, not >"identity". If they aren't linking the address to a person, then all they are asking for is proof that anyone can get a bit of paper with a random address on it. >I and my daughter can collect each other's mail on producing a couple >of bills or official documents addressed to the house without our names >on. I think this falls into Ian's theory of "honest criminals" - if someone wants to steal your recent post, they won't be worried about stealing earlier post (or descending to forgery).
Meanwhile, my local supermarket is now claiming to require ID (not proof of age, which is rather different) if they suspect you to be under 25 [and buying alcohol]. Previously it was 21. -- Roland Perry From nbohm at ernest.net Mon Aug 3 19:12:57 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Mon, 03 Aug 2009 19:12:57 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A760A7B.3020301@iosis.co.uk> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <50847d4ca3rl.hird@orpheusmail.co.uk> <4A760A7B.3020301@iosis.co.uk> Message-ID: <4A7728A9.6000900@ernest.net> An HTML attachment was scrubbed... URL: From amidgley at gmail.com Mon Aug 3 22:14:56 2009 From: amidgley at gmail.com (Adrian Midgley) Date: Mon, 03 Aug 2009 22:14:56 +0100 Subject: Who will accept ID cards? In-Reply-To: <4A7728A9.6000900@ernest.net> References: <4A7198CC.9040402@gmail.com> <4A71DD2F.5040408@gmail.com> <4A74B81F.3030901@gmail.com> <4A756762.8040407@gmail.com> <50847d4ca3rl.hird@orpheusmail.co.uk> <4A760A7B.3020301@iosis.co.uk> <4A7728A9.6000900@ernest.net> Message-ID: <4A775350.3010702@gmail.com> Nicholas Bohm wrote: > And to pick up an earlier point, it has never been a function of the state to > confer names on people, let alone a core function, either as a matter of history > or law. No. And if that is picking up my point... the point was that it is a core function of a State to decide who is a citizen, or subject to it. It isn't a question of what the identity is or is called, but of what privileges and rights the State claims over it, and in modern times, vice versa. -- A From signup at bealoid.co.uk Mon Aug 3 22:28:18 2009 From: signup at bealoid.co.uk (signup at bealoid.co.uk) Date: Mon, 03 Aug 2009 22:28:18 +0100 Subject: securing distributed partial medical records? 
In-Reply-To: <20090727094241.GA12390@annexia.org> References: <4A6C28C6.1040707@gmail.com> <20090727094241.GA12390@annexia.org> Message-ID: <20090803222818.58856vtinkvrhzsw@webmail01.purplecloud.com> Quoting Richard Jones : [snip] > There's also a psychological distinction with this: If I just have to > type "ADRIAN MIDGLEY" into a computer terminal located in my private > office to pull up your medical records, then that's a lot easier than > if I have to haul myself along to your local GP and ask your GP's > receptionist face-to-face to see your paper records. I *really* want to see some data about breaches in patient confidentiality. I strongly suspect that you'd have a lot more success if you asked a receptionist (the right questions). Note that I've never suggested that it would be as easy as typing a name; you'd type the name, and then sign to say that you're accessing data. You'd only be allowed to access certain data and audit trails would be kept. From signup at bealoid.co.uk Mon Aug 3 23:08:33 2009 From: signup at bealoid.co.uk (signup at bealoid.co.uk) Date: Mon, 03 Aug 2009 23:08:33 +0100 Subject: securing distributed partial medical records? In-Reply-To: <4A6E0089.8050002@gmail.com> References: <4A6C28C6.1040707@gmail.com> <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> Message-ID: <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> Quoting Adrian Midgley : > Any system, wherever whatever data is stored, has to provide access to > it to the people who (are believed to) have a need to use it, IE those > in the general practices and hospitals, in this context. You'll note that I was not the person who first mentioned unauthorised access. Someone else mentioned a police officer asking for a list of pregnant youth. 
> This really is a complete diversion from anything worth discussing about
> the places in which to put the data I generate about my patients, and so
> on for everyone else

We agree that multiple partial systems are poor, and that GPs have a strong desire to protect confidentiality.

* The GP stores the records.
* People who create information about a patient store that information on the GP's computer. Only certain people are allowed to modify the GP's records. Those write operations are cryptographically signed, and audit trails are kept.
* People who need information about a patient query the GP's computer. Only certain people are allowed to read the records. Those read operations are cryptographically signed, and audit trails are kept.
* The records have "version control" or "file locking" or whatever you want to call it, to ensure that a change is always recorded correctly.

This appears to provide all the benefits of computerised records, while avoiding some of the disadvantages of the Spine.

(Note where I've said "the GP's computer" I'm happy for that to mean "a computer in the Primary Care Trust", or even "a national spine NHS computer", but other people hate this idea.)

> how to allow machines to talk to each other about it

How much of the information is already a defined standard? (eg, Read Codes? Or Allowable Prescription Meds and their cost code?) How much of the rest of the information needs to be kludged into some format before it's useful? Or could it just be kept as huge text fields?

> (until we have a machine society, social engineering is not going to
> be relevant to the xray reports of a patient being made available
> through their GP record)

Your model - each person who creates data keeps and controls that data (correct me if I got that wrong) seems full of problems. Keeping that data confidential is one of them.
Note that I suggested keeping central records to avoid risk of leaking data from scattered records, not to avoid risk of leaking data from GP records. > and crucially IMHO who it is who gets first > look at the access logs. Everything held by GP == GP gets first look, unless there's some audit by whoever does the auditing. Everything scattered on different systems == who knows who gets first look at the audit trails. Please, why is who gets first look at access logs crucial? > Please don't solve other problems. I've tried really hard to stick to your point. I'm guessing from the responses so far that people might want some clarification to your original question. Did you want names of software? Did you want encryption protocols? From amidgley at gmail.com Tue Aug 4 00:33:29 2009 From: amidgley at gmail.com (Adrian Midgley) Date: Tue, 04 Aug 2009 00:33:29 +0100 Subject: securing distributed partial medical records? In-Reply-To: <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> References: <4A6C28C6.1040707@gmail.com> <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> Message-ID: <4A7773C9.500@gmail.com> signup at bealoid.co.uk wrote: > We agree that multiple partial systems are poor, I'm less certain of that. > and that GPs have a > strong desire to protect confidentiality. > * The GP stores the records. > * People who create information about a patient store that information > on the GP's computer. Most of them will not accept that. Surely it is more logical for them to store the information they create on their computers? > (Note where I've said "the GP's computer" I'm happy for that to mean "a > computer in the Primary Care Trust", or even "a national spine NHS > computer", but other people hate this idea.) I'm one of the others. 
>> how to allow machines to talk to each other about it
> How much of the information is already a defined standard? (eg, Read
> Codes? Or Allowable Prescription Meds and their cost code?)

Quite a lot, but the thing is how to allow it - let us assume they can actually read the data once they get it, the question is how to securely control the getting.

> Your model - each person who creates data keeps and controls that data
> (correct me if I got that wrong) seems full of problems. Keeping that
> data confidential is one of them.

?

It is the model that we have had forever though.

> Everything held by GP == GP gets first look, unless there's some audit
> by whoever does the auditing.
> Everything scattered on different systems == who knows who gets first
> look at the audit trails.
>
> Please, why is who gets first look at access logs crucial?

Because the threat model I think exists is of people who get that look - or who are supposed to but are rather busy - not doing anything about accesses that would be resented if they were known about.

> I'm guessing from the responses so far that people might want some
> clarification to your original question. Did you want names of
> software? Did you want encryption protocols?

Not the first. I suspect the actual protocols involved are detail.

--
A

From gfrer at luna.nl Tue Aug 4 10:08:37 2009
From: gfrer at luna.nl (Gerard Freriks)
Date: Tue, 4 Aug 2009 11:08:37 +0200
Subject: securing distributed partial medical records?
In-Reply-To: <4A7773C9.500@gmail.com> References: <4A6C28C6.1040707@gmail.com> <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> <4A7773C9.500@gmail.com> Message-ID: <6FD75983-EC22-4DE8-994F-890E90DEB699@luna.nl> On 4 aug 2009, at 01:33, Adrian Midgley wrote: >> Your model - each person who creates data keeps and controls that >> data >> (correct me if I got that wrong) seems full of problems. Keeping >> that >> data confidential is one of them. > ? > It is the model that we have had forever though. There can be only ONE model, I think: - the person that documents is accountable for what he documents, who gets access, how information security measures are applied, maintained and checked, etc. - In the case of a GP-office it is the responsible treating physician that is personally accountable. - When the information is about a patient, then the patient has rights: inspection, changes and controlling access to all or any part of the data/information. Reason: The chain of accountability has to start somewhere. It is logical that with the documenter and the data subject the chain of accountability starts. There is nobody else that can be held accountable. -- -- Gerard Freriks, MD Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands T: +31 252544896 M: +31 620347088 E: gfrer at luna.nl -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From igb at batten.eu.org Fri Aug 7 13:50:54 2009 From: igb at batten.eu.org (Ian Batten) Date: Fri, 7 Aug 2009 13:50:54 +0100 (BST) Subject: ID Card Fail In-Reply-To: <6FD75983-EC22-4DE8-994F-890E90DEB699@luna.nl> References: <4A6C28C6.1040707@gmail.com> <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> <4A7773C9.500@gmail.com> <6FD75983-EC22-4DE8-994F-890E90DEB699@luna.nl> Message-ID: http://www.dailymail.co.uk/news/article-1204641/New-ID-cards-supposed-unforgeable--took-expert-12-minutes-clone-programme-false-data.html# From tugwilson at gmail.com Fri Aug 7 14:03:30 2009 From: tugwilson at gmail.com (John Wilson) Date: Fri, 7 Aug 2009 14:03:30 +0100 Subject: ID Card Fail In-Reply-To: References: <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> <4A7773C9.500@gmail.com> <6FD75983-EC22-4DE8-994F-890E90DEB699@luna.nl> Message-ID: 2009/8/7 Ian Batten : > http://www.dailymail.co.uk/news/article-1204641/New-ID-cards-supposed-unforgeable--took-expert-12-minutes-clone-programme-false-data.html# and the Govt response http://www.theregister.co.uk/2009/08/07/id_card_hacked/ That's OK, then John Wilson From davidh at spidacom.co.uk Fri Aug 7 14:48:02 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Fri, 07 Aug 2009 14:48:02 +0100 Subject: ID Card Fail In-Reply-To: References: , , Message-ID: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> On 7 Aug 2009 at 14:03, John Wilson wrote: > http://www.theregister.co.uk/2009/08/07/id_card_hacked/ I like this bit: "The Home Office has dismissed the report. "This story is rubbish. 
We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened," said a spokesperson."

Translated into English that means that the story is true, data can be modified and there is evidence this has already been done. Reality is always the exact opposite of what the Home Office claim it is.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From k.brown at bbk.ac.uk Fri Aug 7 15:30:55 2009
From: k.brown at bbk.ac.uk (ken)
Date: Fri, 07 Aug 2009 15:30:55 +0100
Subject: ID Card Fail
In-Reply-To:
References: <4A6C28C6.1040707@gmail.com> <20090726230657.14826q4suzc6svc4@webmail01.purplecloud.com> <20090727190251.1593066329ur60nf@webmail01.purplecloud.com> <4A6E0089.8050002@gmail.com> <20090803230833.15712dgveakwkpwk@webmail01.purplecloud.com> <4A7773C9.500@gmail.com> <6FD75983-EC22-4DE8-994F-890E90DEB699@luna.nl>
Message-ID: <4A7C3A9F.5090707@bbk.ac.uk>

It's all a matter of reputation. Who do I think knows more about this stuff - Adam Laurie or the people the government is listening to?

No brainer. *I* know more about this than the people advising the government. They are relying on consultants from businesses who want to sell them stuff. And they are paying more attention to them than they are to their own civil servants (most of whom realise that the ID card project is a crock) or even some of their own back-benchers (many of whom, possibly even most, are opposed to it on political grounds, though shamefully all but a couple of dozen voted the party line) Anyway, it doesn't matter. We all know that widespread use of government ID cards will promote ID theft even if they work entirely as advertised.
From davidh at spidacom.co.uk Fri Aug 7 16:34:12 2009
From: davidh at spidacom.co.uk (David Hansen)
Date: Fri, 07 Aug 2009 16:34:12 +0100
Subject: ID Card Fail
In-Reply-To: <4A7C3A9F.5090707@bbk.ac.uk>
References: , , <4A7C3A9F.5090707@bbk.ac.uk>
Message-ID: <4A7C5784.21804.137FAA3@davidh.spidacom.co.uk>

On 7 Aug 2009 at 15:30, ken wrote:

> It's all a matter of reputation. Who do I think knows more about
> this stuff - Adam Laurie or the people the government is
> listening to?
>
> No brainer. *I* know more about this than the people advising
> the government.

That's the size of it.

Off topic, but I was very taken with the description of Mastermind in the first of the comments regarding SOCPA at "It's always good to be reminded what a reactionary, mean spirited and awful Minister this man was." I really do like that.

--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From dave.cardwell1 at googlemail.com Fri Aug 7 17:51:43 2009
From: dave.cardwell1 at googlemail.com (Dave Cardwell)
Date: Fri, 7 Aug 2009 17:51:43 +0100
Subject: ID Card Fail
In-Reply-To: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk>
Message-ID: <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com>

> On 7 Aug 2009 at 14:03, John Wilson wrote:
>
> I like this bit:
>
> "The Home Office has dismissed the report. "This story is rubbish. We
> are satisfied the personal data on the chip cannot be changed or
> modified and there is no evidence this has happened," said a
> spokesperson."
>
> Translated into English that means that the story is true, data can be
> modified and there is evidence this has already been done. Reality is
> always the exact opposite of what the Home Office claim it is.
>

As a comment on the Reg article points out, the quote above is technically correct, it just doesn't answer the right question.
Note they said "the chip cannot be changed or modified" - it wasn't, instead it was copied and the copy was modified. Being able to make multiple copies, each with slightly modified details would seem to be a bigger weakness than the ability to modify a single card, but either they weren't asked about that or chose not to answer that part of the question.

Dave

From benjamin at py-soft.co.uk Fri Aug 7 20:14:35 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 7 Aug 2009 15:14:35 -0400
Subject: ID Card Fail
In-Reply-To: <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com>
Message-ID: <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com>

2009/8/7 Dave Cardwell :
> As a comment on the Reg article points out, the quote above is
> technically correct, it just doesn't answer the right question.

The Mail article still strikes me as FUD.

Ben

From bdm at fenrir.org.uk Fri Aug 7 20:41:06 2009
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Fri, 7 Aug 2009 20:41:06 +0100
Subject: ID Card Fail
In-Reply-To: <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com>
Message-ID: <20090807204106.2f558604@peterson.fenrir.org.uk>

On Fri, 7 Aug 2009 15:14:35 -0400 Benjamin Donnachie wrote:

> 2009/8/7 Dave Cardwell :
> > As a comment on the Reg article points out, the quote above is
> > technically correct, it just doesn't answer the right question.
>
> The Mail article still strikes me as FUD.

Well you need to qualify a statement of that nature. Why do you think it is FUD, do you believe that it wasn't done as described?

I'll admit that I was a bit suspicious of the "with a little help from another technology expert" bit.
-- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: not available URL: From benjamin at py-soft.co.uk Fri Aug 7 21:33:36 2009 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Fri, 7 Aug 2009 16:33:36 -0400 Subject: ID Card Fail In-Reply-To: <20090807204106.2f558604@peterson.fenrir.org.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> Message-ID: <732076a80908071333s28568742ta9132570f0b49c9e@mail.gmail.com> 2009/8/7 Brian Morrison : >> The Mail article still strikes me as FUD. > Well you need to qualify a statement of that nature. Why do you think > it is FUD, do you believe that it wasn't done as described? Fair point... I'm currently on EDT time and will go through it in detail later when I finish work... Ben From brian at thejohnsons.co.uk Sat Aug 8 00:04:43 2009 From: brian at thejohnsons.co.uk (Brian L Johnson) Date: Sat, 08 Aug 2009 00:04:43 +0100 Subject: ID Card Fail In-Reply-To: <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> Message-ID: Benjamin Donnachie wrote: > 2009/8/7 Dave Cardwell : >> As a comment on the Reg article points out, the quote above is >> technically correct, it just doesn't answer the right question. > > The Mail article still strikes me as FUD. The Home Office thinks so. 
http://www.computerweekly.com/Articles/2009/08/07/237247/id-card-cannot-be-hacked-uk-government-claims-encryption-secrets.htm

or http://is.gd/2717q

--
-brianlj-

From benjamin at py-soft.co.uk Sat Aug 8 03:05:35 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 7 Aug 2009 22:05:35 -0400
Subject: ID Card Fail
In-Reply-To: <20090807204106.2f558604@peterson.fenrir.org.uk>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk>
Message-ID: <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com>

2009/8/7 Brian Morrison :
> Well you need to qualify a statement of that nature. Why do you think
> it is FUD, do you believe that it wasn't done as described?

I believe that they created an RFID chip that held the details they claimed, but would not be recognised by any official reader.

>>> To create his 'clone', Adam Laurie studied the card to locate a particular set of numbers that are printed on it. (These provide
>>> a key to cracking the encryption on the chip but, for security reasons, we will not reveal where they are).

If I remember correctly, the holder's date of birth is all you need to READ data from an RFID passport. Since the ID cards are intended to be widespread and read by just about anyone, I can see how such a simple check - which ensures that whoever is READING the card is actually in possession of it - would have made sense to the designer.

I previously experimented with a smart card implementation - using SOSSE[1] as the basis for a completed open source implementation of the OpenPGP smartcard - and I expect data to have been protected with some form of public/private key encryption or signing. I can't see anything on the images I have seen that looks remotely like such a public/private key.
>>> Laurie then inputted these numbers into a standard Nokia mobile phone, which comes pre-equipped with chip-scanning software. Standard Nokia phones cannot read RFID tags. You can get the Nokia Mobile RFID Kit for the Nokia 5140 which includes two Nokia Xpress-on(TM) RFID reader shells[2] but that seems to be read only. >>> He was then able to download Albert's ID chip details on to the blank smart card, creating a perfect copy or 'clone'. So far, so extraordinary. But there is more. Hardly surprising. You could probably write the details to any RFID tag, but it is unlikely to be recognised as valid. It's like copying someone's details onto a piece of A4 paper - the details are there and it's perfectly readable, but it doesn't make it a passport. >>> This was a more complex process because the ID chips are supposed to be tamper-proof. Each chip stores its holder's personal data in 16 separate files, known as 'datagroups'. Nothing amazing there - standard smartcard way of data storage. It's effectively a file system for the card. >>> Each one of these files is supposed to be protected with a special digital key, so that if anyone attempts to change it, the card would be identifiable as a fake to any official with a digital chip reader. >>> Drawing on the work of renowned New Zealand computer scientist Peter Gutmann, our team was able to alter the contents of each datagroup and then 'relock' them, so that the card would be accepted as genuine. Which part of this work exactly? Vista content protection? Erasing data from hard-drives? Research from 1997 into the insecurity in bus RFID cards? I cannot accept that they were able to break the public/private key algorithms that must be used to protect data on the cards. >>> Incredibly, even though more than 51,000 ID cards have already been issued, there are no official electronic readers to check them against, except at UK borders, where foreigners' ID cards have replaced old-style paper visas. 
Okay, so they weren't able to test it properly? >>> So we downloaded the latest version of Golden Reader and used it to test our cloned card. The card passed. Again, they weren't able to test it properly? So, they were able to crack the Government's private signing key, but without the public key to verify the signature, they were able to read the data perfectly? Without wishing to abuse the analogy too much, a piece of paper with passport written in crayon across it still isn't a passport! >>> That view is not shared by Ian Angell, professor of information systems at the London School of Economics. He said: 'This has put a huge nail in the coffin of the National Identity Scheme. The Government can no longer say ID cards will protect us from identity theft. You have proved that they won't.' Prof Angell is known as being outspoken but does not appear to have a background in cryptography or experience with smartcards [3][4]. >>> When we told Chris Huhne, the Liberal Democrat Shadow Home Secretary, about our findings, he was appalled. Hardly surprising given that his party is opposed to ID cards! A bit more information was contained in a very similar article in November 2006 by the same journalist[5]: >>> This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date. >>> "I was amazed that they made it so easy," Laurie says. "The information contained in the chip is not encrypted, but to access it you have to start up an encrypted conversation between the reader and the RFID chip in the passport. >> The Home Office thinks not. It correctly points out that the information sucked out of the chip is only the same as that which appears on the page, readable with the human eye. And to obtain the key in the first place, you would need to have access to the passport to read (with the naked eye) its number, expiry date and the date of birth of its holder. 
Easy to see how the designers would have considered this sufficient. Further details on zdnet[6]" >>> DG14 contains active authentication cryptographic safeguards, which are meant, in part, to ensure that the card has not been tampered with. >>> However, when a card is presented to a reader, the card itself tells the reader whether it should check for a digital certificate. This makes the safeguards ineffectual, as removing the data group removes the check, said Laurie. >>> "If the file is not present on the card, the reader doesn't ask for it," said Laurie "The card dictates to the reader what security checks to do, and since I control the card, I can tell it to do no security checks." >>> The digital certificate also guarantees the authenticity of the other data groups on the card. Each file has a cryptographic signature or checksum that is checked against the digital certificate. The idea is that if any of the files are tampered with, the cryptographic signature will no longer be valid. Without access to an official reader, he is satisfied that he has disabled the security checks? Sorry, it's not enough for me. This article goes on to explain that suitably equipped Nokia mobiles can be used to read the card, but a computer is needed to process the information and to write new details. Not quite the nightmare scenario described in The Mail. The article in The Mail is full of emotive language and anti-Labour rhetoric. I support neither Labour nor ID cards but I'm not convinced by the scant reporting in the article; you can write passport in crayon as much as you like, but it doesn't make it a passport! I am happy to be proven wrong if it can be shown to work on a proper, official, reader. 
Ben [1] http://www.mbsks.franken.de/sosse/ [2] http://press.nokia.com/PR/200502/981601_5.html [3] http://personal.lse.ac.uk/ANGELL/ [4] http://en.wikipedia.org/wiki/Ian_Angell [5] http://www.guardian.co.uk/technology/2006/nov/17/news.homeaffairs [6] http://news.zdnet.co.uk/security/0,1000000189,39709652,00.htm From benjamin at py-soft.co.uk Sat Aug 8 03:10:11 2009 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Fri, 7 Aug 2009 22:10:11 -0400 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> Message-ID: <732076a80908071910n6a28c080o6cce5172dcb035ea@mail.gmail.com> 2009/8/7 Brian L Johnson : >> The Mail article still strikes me as FUD. > The Home Office thinks so. >>> The identity card includes a number of design and security features that are extremely difficult to replicate. Furthermore, the card readers we will deploy will undertake chip authentication checks that the card produced will not pass. As I expected. >>> The Home Office said that it is using RSA encryption technologies to protect the sensitive data on the card elliptic curve encryption to prevent the card from being cloned. ECC is perfect for smartcards - needs much less computing power than RSA and generally considered more secure with fewer bits. 
Ben

From tony.naggs at googlemail.com Sat Aug 8 06:47:54 2009
From: tony.naggs at googlemail.com (Tony Naggs)
Date: Sat, 8 Aug 2009 01:47:54 -0400
Subject: ID Card Fail
In-Reply-To: <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com>
Message-ID:

2009/8/7 Benjamin Donnachie wrote:
>
> If I remember correctly, the holder's date of birth is all you need to
> READ data from an RFID passport. ...

5 seconds with Google or Yahoo would show that your memory is faulty, see for example http://en.wikipedia.org/wiki/Biometric_passport or the copies of ICAO 9303 linked from there.

>>>> Laurie then inputted these numbers into a standard Nokia mobile phone, which comes pre-equipped with chip-scanning software.
>
> Standard Nokia phones cannot read RFID tags. You can get the Nokia
> Mobile RFID Kit for the Nokia 5140 which includes two Nokia
> Xpress-on(TM) RFID reader shells[2] but that seems to be read only.

Not true, the Nokia 6212 is widely on sale, I bought one from Play last year:
http://www.play.com/Mobiles/Mobile/4-/5452040/Nokia-6212-NFC-Sim-Free-Unlocked-Mobile-Phone/Product.html

And the older NFC version of the Nokia 6131 was previously on open sale, as well as being used by various transport authorities to trial phones with embedded NFC ticketing. The London Oyster trials for example had a lot of press coverage.

Other manufacturers have included NFC functionality in phones, though I only know of them being widely used in Japan.

The rest of your posting is full of more wild nonsense and suppositions, which I'm not going to waste further time on.

Best regards,
Tony

From clive at davros.org Sat Aug 8 09:36:23 2009
From: clive at davros.org (Clive D.W.
Feather) Date: Sat, 8 Aug 2009 09:36:23 +0100 Subject: ID Card Fail In-Reply-To: <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> Message-ID: <20090808083623.GR17800@davros.org> Benjamin Donnachie said: > If I remember correctly, the holder's date of birth is all you need to > READ data from an RFID passport. Since the ID cards are intended to > be widespread and read by just about anyone, I can see how such a > simple check - which ensures that whoever is READING the card is > actually in possession of it - would have made sense to the designer. [...] >>> The Home Office thinks not. It correctly points out that the information sucked out of the chip is only the same as that which appears on the page, readable with the human eye. And to obtain the key in the first place, you would need to have access to the passport to read (with the naked eye) its number, expiry date and the date of birth of its holder. > > Easy to see how the designers would have considered this sufficient. Huh? I can think of lots of people who have access to my passport number, expiry date, and my date of birth. For a start, the various banks where I have opened an account, and the various places that have required me to apply for CRB disclosure. None of whom are in possession of my passport (and some of whom have never seen it). -- Clive D.W. Feather | If you lie to the compiler, Email: clive at davros.org | it will get its revenge. 
Web: http://www.davros.org | - Henry Spencer
Mobile: +44 7973 377646

From benjamin at py-soft.co.uk Sat Aug 8 17:19:00 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Sat, 8 Aug 2009 12:19:00 -0400
Subject: ID Card Fail
In-Reply-To:
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com>
Message-ID: <732076a80908080919p2c8fc685m666f9becb00b521d@mail.gmail.com>

2009/8/8 Tony Naggs :
> The rest of your posting is full of more wild nonsense and
> suppositions, which I'm not going to waste further time on.

The original article is based upon nonsense and suppositions.

Ben

From benjamin at py-soft.co.uk Sat Aug 8 17:23:13 2009
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Sat, 8 Aug 2009 12:23:13 -0400
Subject: ID Card Fail
In-Reply-To: <20090808083623.GR17800@davros.org>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org>
Message-ID: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com>

2009/8/8 Clive D.W. Feather :
>> Easy to see how the designers would have considered this sufficient.
> Huh?

I didn't say that I agreed, just that it's easy to see how the designers would have thought it sufficient.

It's fairly easy to read these devices, it's fairly easy to write data in a similar structure to another. But I am not convinced that the latter would pass any official verification.

Surely this list understands the principles of digital signatures? Public/private keys?
Sign data with your private key and everyone with the public key can verify it? Yes the card they designed worked with some software they downloaded from the Internet, but by their own admission it was not an official reader and did not have the Government's public key. Ben From casparb at microsoft.com Sat Aug 8 19:17:42 2009 From: casparb at microsoft.com (Caspar Bowden) Date: Sat, 8 Aug 2009 19:17:42 +0100 Subject: ID Card Fail In-Reply-To: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> Message-ID: <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> This report has more technical detail http://news.zdnet.co.uk/security/0,1000000189,39709652,00.htm -- Caspar Bowden From pwt at iosis.co.uk Sat Aug 8 21:20:37 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sat, 08 Aug 2009 21:20:37 +0100 Subject: ID Card Fail In-Reply-To: <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> Message-ID: <4A7DDE15.5010905@iosis.co.uk> Caspar Bowden wrote: > This report has more technical detail > 
http://news.zdnet.co.uk/security/0,1000000189,39709652,00.htm > > -- > Caspar Bowden When the ICAO 9303 (aka ISO 7501) update for the smart passports was being developed, ISO/IEC JTC1 SC17 people were so concerned that they ran a seminar event in London. ICAO people admitted that they had not hired any technical experts to work on the design at that stage because they were constrained by the organisation's rules to seek help only from their members, the airlines, and nobody in the airlines had relevant expertise. The idea then was to have a global key server that held the public keys for every country's chip passports, and during a break a few of us thought about this and decided that, with ICAO in charge, it would not be long before such a key server was compromised, and maybe even an entirely fictitious country installed there. We have moved on a bit since then, but curiously not solved the problem of offline readers that can securely verify a passport or even a UK ID card. Peter From tony.naggs at googlemail.com Sun Aug 9 01:47:43 2009 From: tony.naggs at googlemail.com (Tony Naggs) Date: Sat, 8 Aug 2009 20:47:43 -0400 Subject: ID Card Fail In-Reply-To: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> Message-ID: 2009/8/8 Benjamin Donnachie : > > It's fairly easy to read these devices, it's fairly easy to write > data in a similar structure to another. But I am not convinced that > the latter would pass any official verification. > > Surely this list understands the principles of digital signatures? > Public/private keys?
Sign data with your private key and everyone > with the public key can verify it? > > Yes the card they designed worked with some software they downloaded > from the Internet, but by their own admission it was not an official > reader and did not have the Government's public key. Any number of digital signatures could be added to the card, but the Home Office has not yet distributed any card readers that do such a check[1]: "Initially, organisations will be able to use the card to check the holder's details visually. Over time, they will also be able to use a card reader to check that the details held on the card are authentic and valid." To my knowledge the Home Office have not yet contracted a supplier to provide such readers, and The Register /and www.kable.co.uk have been reporting on such contracts as they are issued. 1. http://www.direct.gov.uk/en/Governmentcitizensandrights/Identitycards/DG_174258 From benjamin at py-soft.co.uk Sun Aug 9 02:21:39 2009 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sat, 8 Aug 2009 21:21:39 -0400 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> Message-ID: <732076a80908081821vb84f118o82f79e89390c9e6a@mail.gmail.com> 2009/8/8 Tony Naggs : > To my knowledge the Home Office have not yet contracted a supplier to > provide such readers, and The Register /and www.kable.co.uk have been > reporting on such contracts as they are issued. I guess that's one way around the problem of readers falsely recognising cards as valid; just don't issue any readers!
Ben From pwt at iosis.co.uk Sun Aug 9 06:55:46 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 09 Aug 2009 06:55:46 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> Message-ID: <4A7E64E2.7040207@iosis.co.uk> Tony Naggs wrote: > 2009/8/8 Benjamin Donnachie : > >> It's fairly easy to read these devices, it's fairly easy to write >> data in a similar structure to another. But I am not convinced that >> the latter would pass any official verification. >> >> Surely this list understands the principles of digital signatures? >> Public/private keys? Sign data with your private key and everyone >> with the public key can verify it? >> >> Yes the card they designed worked with some software they downloaded >> from the Internet, but by their own admission it was not an official >> reader and did not have the Government's public key. >> > Any number of digital signatures could be added to the card, but the > Home Office has not yet distributed any card readers that do such a > check[1]: > "Initially, organisations will be able to use the card to check > the holder's details visually. Over time, they will also be able > to use a card reader to check that the details held on the > card are authentic and valid." > > To my knowledge the Home Office have not yet contracted a supplier to > provide such readers, and The Register /and www.kable.co.uk have been > reporting on such contracts as they are issued. > > 1. http://www.direct.gov.uk/en/Governmentcitizensandrights/Identitycards/DG_174258 A week ago in the 'Who will accept ID cards?'
thread, I wrote a little about the 2004/5 discussions at Cabinet Office eGU WGs and one-on-one Whitehall Dept discussions with HO. Govt depts had been 'encouraged' to study how they would use the ID cards, and they wanted on-line access to the verification service, by way of connections from their own systems - they expected to deploy their own terminals. At the time there was on an HO web site a system architecture diagram with a comms port in the bottom left hand corner, for connection to trusted third parties - that diagram soon disappeared. Some of us thought that the intention was to allow organisations such as credit reference agencies to connect up, but of course govt depts such as DWP and DoH wanted to connect. They never got any answer to the questions about how this port would work, because of course no detail design had been done to support that architecture diagram - yet across Europe there was a growing consensus on what an eID card would contain (including X25 digital cert), and the ICAO passport work was under way (not an eID design). But here in the UK we were dealing entirely with non-technical people who in turn had contracted with non-technical consultants. There was also a paper from a business consultancy, analysing the stated costs of the project. The introduction to that paper contained a disclaimer that the writers had to assume that the system architecture was robust, and that the cost estimate for building the system was valid. No wonder LSE got to work on doing their own estimates of cost of the overall project.
Peter From nbohm at ernest.net Sun Aug 9 06:57:59 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Sun, 09 Aug 2009 06:57:59 +0100 Subject: ID Card Fail In-Reply-To: <4A7DDE15.5010905@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> Message-ID: <4A7E6567.8040803@ernest.net> An HTML attachment was scrubbed... URL: From lists at internetpolicyagency.com Sun Aug 9 07:25:59 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Sun, 9 Aug 2009 07:25:59 +0100 Subject: ID Card Fail In-Reply-To: <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> Message-ID: In article <2298D4476FA2F44591690E423F07C37B2F59F87A71 at EA-EXMSG-C333.europe.corp.mic rosoft.com>, Caspar Bowden writes >This report has more technical detail >http://news.zdnet.co.uk/security/0,1000000189,39709652,00.htm "DG14 contains active authentication cryptographic safeguards, which are meant, in part, to ensure that the card has not been tampered with. 
However, when a card is presented to a reader, the card itself tells the reader whether it should check for a digital certificate. This makes the safeguards ineffectual, as removing the data group removes the check, said Laurie. "If the file is not present on the card, the reader doesn't ask for it," said Laurie "The card dictates to the reader what security checks to do, and since I control the card, I can tell it to do no security checks." But a future reader could always do the security check, or maybe sound an alarm if a card is presented which asks to skip the security check. "The digital certificate also guarantees the authenticity of the other data groups on the card. Each file has a cryptographic signature or checksum ... Is it a signature or is it a checksum. Does the journalist not know, or perhaps not understand the difference? Or can each file have one or the other (or even both). "...that is checked against the digital certificate. The idea is that if any of the files are tampered with, the cryptographic signature will no longer be valid." A file with its own signature (if such a thing exists - see above) should be individually tamper-proof. "However, Laurie said he had circumvented this measure by simply replacing the digital certificate and checksums with his own... So perhaps the individual files only have checksums. "... This works because ..." Make your mind up! A moment ago it was working because the files only have checksums, and the card can opt-out of a DG14 signature check. "... the ICAO public key directory used by the government, which is supposed to authenticate the digital certificates centrally, has had no government input yet, he said." So today's reader can only check the DG14 signature via ICAO's PKI, but a future reader could verify it separately. "Laurie said he successfully managed to download all of the data from the chip, except for the fingerprint information. 
I wonder what failed; is that data set too large for his current reader technology or what? "He later created replacement fingerprint data from scratch using a biometric file standard called CBEFF." Which we suppose is what the Home Office is expecting, and will drive their thumbprint readers. Such data could be separately signed (but see above), or watermarked, as another check? -- Roland Perry From lists at internetpolicyagency.com Sun Aug 9 07:32:10 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Sun, 9 Aug 2009 07:32:10 +0100 Subject: ID Card Fail In-Reply-To: <4A7E6567.8040803@ernest.net> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net> Message-ID: In article <4A7E6567.8040803 at ernest.net>, Nicholas Bohm writes >Solving the problem would deprive HMG of the revenue from the Passport >Validation Service. Perhaps another perverse incentive at work? "The cost to business in fraudulent passports being used as proof of identity has risen to more than £1billion." Anyone got a breakdown of where that missing £1BN is going? (And is it per year, or cumulative over time). Is it "fake people" taking out loans (and mortgages) then disappearing into the sunset, or are these forged passports allowing the fraudsters to purport to be someone else, whose assets are then spirited away?
-- Roland Perry From igb at batten.eu.org Sun Aug 9 13:17:49 2009 From: igb at batten.eu.org (Ian Batten) Date: Sun, 9 Aug 2009 13:17:49 +0100 Subject: ID Card Fail In-Reply-To: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> Message-ID: <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> On 8 Aug 2009, at 17:23, Benjamin Donnachie wrote: > > Yes the card they designed worked with some software they downloaded > from the Internet, but by their own admission it was not an official > reader and did not have the Government's public key. So it's secure so long as there are no card readers in existence other than the official ones? Yes, I can see that working. Isn't the idea of security that it can _only_ be read with official readers, or am I missing something? -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From igb at batten.eu.org Sun Aug 9 13:51:41 2009 From: igb at batten.eu.org (Ian Batten) Date: Sun, 9 Aug 2009 13:51:41 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net> Message-ID: On 9 Aug 2009, at 07:32, Roland Perry wrote: > In article <4A7E6567.8040803 at ernest.net>, Nicholas Bohm > writes >> Solving the problem would deprive HMG of the revenue from the >> Passport >> Validation Service. Perhaps another perverse incentive at work? > > "The cost to business in fraudulent passports being used as > proof of identity has risen to more than £1billion." > > Anyone got a breakdown of where that missing £1BN is going? > > (And is it per year, or cumulative over time). > > Is it "fake people" taking out loans (and mortgages) then disappearing > into the sunset, or are these forged passports allowing the fraudsters > to purport to be someone else, whose assets are then spirited away? It's another of those numbers from thin air, surely? The point about a mortgage is that it's secured over a property, which in turn has a set of deeds, so even if the mortgage is taken out by a fictional person there is still an asset behind it. That asset may be over-valued, but that's a separate problem. A billion pounds would be a hundred thousand instances of a ten thousand pound unsecured loan, which seems implausible.
From nbohm at ernest.net Sun Aug 9 14:10:32 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Sun, 09 Aug 2009 14:10:32 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net> Message-ID: <4A7ECAC8.9010405@ernest.net> An HTML attachment was scrubbed... URL: From pwt at iosis.co.uk Sun Aug 9 14:11:12 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 09 Aug 2009 14:11:12 +0100 Subject: ID Card Fail In-Reply-To: <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> Message-ID: <4A7ECAF0.9070306@iosis.co.uk> Ian Batten wrote: > On 8 Aug 2009, at 17:23, Benjamin Donnachie wrote: >> Yes the card they designed worked with some software they downloaded >> from the Internet, but by their own admission it was not an official >> reader and did not have the Government's public key. > So it's secure so long as there are no card readers in existence other > than the official ones? Yes, I can see that working. Isn't the idea > of security that it can _only_ be read with official readers, or am I > missing something? 
No, it appears to be easy to read, but can only be verified as authentic if the govt's public key is available to the card reader. (No such readers, which is why I referred to the McNulty call centre, or rather why McN referred us to the call centre.) Are our passports just the same? Last time I travelled from Paris (the day that Eurostar opened up in St Pancras, by chance and good luck - someone gave me a ticket to come home by Eurostar rather than use my return Easyjet ticket) there appeared to be readers in the British border control booth at Gare du Nord. If those readers didn't have the public key, HMG was relying on the physical security methods built in to the passports, and so the gear would just be doing an optical analysis. Peter From nbohm at ernest.net Sun Aug 9 14:14:31 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Sun, 09 Aug 2009 14:14:31 +0100 Subject: ID Card Fail In-Reply-To: <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> Message-ID: <4A7ECBB7.3040303@ernest.net> An HTML attachment was scrubbed... 
URL: From lists at internetpolicyagency.com Sun Aug 9 15:49:10 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Sun, 9 Aug 2009 15:49:10 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net> Message-ID: In article , Ian Batten writes >The point about a mortgage is that it's secured over a property, which >in turn has a set of deeds, so even if the mortgage is taken out by a >fictional person there is still an asset behind it. I've not studied mortgage fraud in detail, but I thought[1] it involves a crooked solicitor helping you raise a loan on a fictional property. (But that begs the question of why a forged passport would help you, because you are already in cahoots with the person whose job it is to check it). [1] Other than when it's simply "bigging up" your credit rating. 
-- Roland Perry From igb at batten.eu.org Sun Aug 9 21:12:43 2009 From: igb at batten.eu.org (Ian Batten) Date: Sun, 9 Aug 2009 21:12:43 +0100 Subject: ID Card Fail In-Reply-To: <4A7ECAF0.9070306@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> Message-ID: <800250E9-21DC-4E67-A67B-B032EF2D448B@batten.eu.org> The German system that someone linked to a few days ago claimed to have provision so that only an authorised reader could extract bulk information. Clearly not in this case. ian On 9 Aug 2009, at 14:11, Peter Tomlinson wrote: > Ian Batten wrote: >> On 8 Aug 2009, at 17:23, Benjamin Donnachie wrote: >>> Yes the card they designed worked with some software they downloaded >>> from the Internet, but by their own admission it was not an official >>> reader and did not have the Government's public key. >> So it's secure so long as there are no card readers in existence >> other than the official ones? Yes, I can see that working. Isn't >> the idea of security that it can _only_ be read with official >> readers, or am I missing something? > No, it appears to be easy to read, but can only be verified as > authentic if the govt's public key is available to the card reader. > (No such readers, which is why I referred to the McNulty call > centre, or rather why McN referred us to the call centre.) > > Are our passports just the same? 
Last time I travelled from Paris > (the day that Eurostar opened up in St Pancras, by chance and good > luck - someone gave me a ticket to come home by Eurostar rather than > use my return Easyjet ticket) there appeared to be readers in the > British border control booth at Gare du Nord. If those readers > didn't have the public key, HMG was relying on the physical security > methods built in to the passports, and so the gear would just be > doing an optical analysis. > > Peter > > > From chl at clerew.man.ac.uk Mon Aug 10 11:43:46 2009 From: chl at clerew.man.ac.uk (Charles Lindsey) Date: Mon, 10 Aug 2009 11:43:46 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: <4A7ECAF0.9070306@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> Message-ID: On Sun, 09 Aug 2009 14:11:12 +0100, Peter Tomlinson wrote: > No, it appears to be easy to read, but can only be verified as authentic > if the govt's public key is available to the card reader. (No such > readers, which is why I referred to the McNulty call centre, or rather > why McN referred us to the call centre.) Which brings us straight back to security by obscurity. The format of these cards is widely published. So you don't need an "official" reader (and why should you trust such a device, even if it were available). All you actually need is the Public Key used to authenticate the data. And what on earth is the use of a Public Key if it is not Public?
So, Simon is on this list; here is a question for him: "What is the fingerprint of the Public Key used to authenticate the current ID cards issued to visiting foreigners?" "And ditto for UK-issued Passports, if it is a different key". At least let us have the information published on this list, even if it is not available anywhere else (I gather the ICAO list is "futureware"). -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131    Web: http://www.cs.man.ac.uk/~chl Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From nbohm at ernest.net Mon Aug 10 12:00:25 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Mon, 10 Aug 2009 12:00:25 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> Message-ID: <4A7FFDC9.5010800@ernest.net> An HTML attachment was scrubbed...
URL: From igb at batten.eu.org Mon Aug 10 14:21:04 2009 From: igb at batten.eu.org (Ian Batten) Date: Mon, 10 Aug 2009 14:21:04 +0100 (BST) Subject: Question for SImnon (was ID Card Fail) In-Reply-To: <4A7FFDC9.5010800@ernest.net> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: On Mon, August 10, 2009 12:00, Nicholas Bohm wrote: > > An uncomplicated solution would be to put the public key on a sensibly > labelled URL and publish the key fingerprint at intervals in the London > Gazette to give a reasonable assurance of genuineness. What's the current thinking on the ability of a miscreant to produce a key that he controls whose public key has a specified fingerprint? 
From Ray.Bellis at nominet.org.uk Mon Aug 10 14:29:14 2009 From: Ray.Bellis at nominet.org.uk (Ray.Bellis at nominet.org.uk) Date: Mon, 10 Aug 2009 14:29:14 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: > What's the current thinking on the ability of a miscreant to produce a key > that he controls whose public key has a specified fingerprint? As far as I know, it has already been done for an MD5 fingerprint, using a large network of machines to generate the key and spoof a browser-supported CA: http://www.win.tue.nl/hashclash/rogue-ca/ I've seen nothing to suggest that SHA-1 has suffered the same fate (nor will do so any time soon), although SHA-1 is being deprecated by NIST (US gov agency) in favour of SHA-2 and whatever SHA-3 will be. Ray -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From Ray.Bellis at nominet.org.uk Mon Aug 10 14:55:37 2009 From: Ray.Bellis at nominet.org.uk (Ray.Bellis at nominet.org.uk) Date: Mon, 10 Aug 2009 14:55:37 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: > > What's the current thinking on the ability of a miscreant to produce a key > > that he controls whose public key has a specified fingerprint? > > As far as I know, it has already been done for an MD5 fingerprint, > using a large network of machines to generate the key and spoof a > browser-supported CA: Actually, on re-reading Ian's e-mail I see he's probably already well aware of that :) Ray -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From benjamin at py-soft.co.uk Mon Aug 10 22:30:31 2009 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Mon, 10 Aug 2009 17:30:31 -0400 Subject: ID Card Fail In-Reply-To: <800250E9-21DC-4E67-A67B-B032EF2D448B@batten.eu.org> References: <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <800250E9-21DC-4E67-A67B-B032EF2D448B@batten.eu.org> Message-ID: <732076a80908101430v5195f84cpfdd4f0daff5dc345@mail.gmail.com> The prospect of a hash clash has started to sway me... but I would still need proof of it working with the official certificate. Ben From signup at bealoid.co.uk Tue Aug 11 09:59:04 2009 From: signup at bealoid.co.uk (signup at bealoid.co.uk) Date: Tue, 11 Aug 2009 09:59:04 +0100 Subject: securing distributed partial medical records? In-Reply-To: References: Message-ID: <20090811095904.16351bzrmsj3fapw@webmail01.purplecloud.com> Quoting Mary Hawking : [snip] > Why do you need standardisation on one GP system to allow systems to > interrogate one another? Okay, you don't. But you do need some standards to make sensible queries produce sensible responses. > And why limit everything to GP records? I haven't been doing this. I am suggesting that if a GP has a patient's notes and if the GP "gatekeeps" access to other services it's probably a good idea if the GP is given all the information. This allows them to pass information to other clinicians while keeping an eye on what's happening to their patient. 
For example: GPs often run reports asking for patients on contra-indicated medications - this is easier to do if people are sending electronic notes than if people are posting blurry photocopies of scrawled notes. > I agree that getting access to non-existent hospital and community > records electronically is not, at present , very high on a GP agenda > due to lack of records: ICE (pathology) is a different matter... > Mary Hawking > (Also a GP) One thing I haven't mentioned is the difference between hosted servers and 'owned' servers. From the little I know some software tends to use servers installed at the GP practice, while some other systems (eg: 'System One'?) tend to use hosted servers. It's gently worrying that the people selling System One say that hosted servers are better for sharing data between GP surgeries and Darzi centres. I'm only keen on easy sharing of data if the people doing it are clueful about controlling that information. From chl at clerew.man.ac.uk Tue Aug 11 11:24:30 2009 From: chl at clerew.man.ac.uk (Charles Lindsey) Date: Tue, 11 Aug 2009 11:24:30 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: On Mon, 10 Aug 2009 14:21:04 +0100, Ian Batten wrote: > On Mon, August 10, 2009 12:00, Nicholas Bohm wrote: >> >> An uncomplicated solution would be to put the public key on a sensibly >> labelled URL and publish the key fingerprint at intervals in the London >> Gazette to give a reasonable assurance of genuineness. 
> > What's the current thinking on the ability of a miscreant to produce a > key > that he controls whose public key has a specified fingerprint? Exceedingly difficult, I should hope. Since otherwise all current Public Key Cryptography (certainly for authentication purposes) is already worthless. (One assumes some reasonable level of cryptographic competence in the setting up of the system, of course). -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From igb at batten.eu.org Tue Aug 11 11:54:41 2009 From: igb at batten.eu.org (Ian Batten) Date: Tue, 11 Aug 2009 11:54:41 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: <0ADE69A3-FF0C-4D8B-A4A1-AC48B5993704@batten.eu.org> >> >> What's the current thinking on the ability of a miscreant to >> produce a key >> that he controls whose public key has a specified fingerprint? > > Exceedingly difficult, I should hope. They're only as strong as the hash primitive that's used, surely?
From Ray.Bellis at nominet.org.uk Tue Aug 11 12:22:10 2009 From: Ray.Bellis at nominet.org.uk (Ray.Bellis at nominet.org.uk) Date: Tue, 11 Aug 2009 12:22:10 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: <0ADE69A3-FF0C-4D8B-A4A1-AC48B5993704@batten.eu.org> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <0ADE69A3-FF0C-4D8B-A4A1-AC48B5993704@batten.eu.org> Message-ID: > They're only as strong as the hash primitive that's used, surely? Yes, but even so it's still actually very difficult to engineer a hash collision that would allow you to obtain another certificate that has the same hash. If you look at the link I sent yesterday, you'll see that in their case they were really only able to manage it because the SSL supplier involved used (uses?) sequential certificate IDs, so they were able to predict a theoretically unknown part of the supplier generated information quite accurately. If the SSL supplier had instead used a crypto-strength PRNG for the certificate ID field it would probably have made the process several orders of magnitude more difficult. Ray
From nbohm at ernest.net Tue Aug 11 14:08:09 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Tue, 11 Aug 2009 14:08:09 +0100 Subject: ID Card Fail In-Reply-To: <4A7ECBB7.3040303@ernest.net> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECBB7.3040303@ernest.net> Message-ID: <4A816D39.4010205@ernest.net> An HTML attachment was scrubbed... URL: From fw at deneb.enyo.de Wed Aug 12 07:25:52 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 12 Aug 2009 08:25:52 +0200 Subject: Question for SImnon In-Reply-To: (Ray Bellis's message of "Mon, 10 Aug 2009 14:29:14 +0100") References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: <87k519blan.fsf@mid.deneb.enyo.de> * Ray Bellis: >> What's the current thinking on the ability of a miscreant to produce a > key >> that he controls whose public key has a specified fingerprint? > > As far as I know, it has already been done for an MD5 fingerprint, using a > large network of machines to generate the key and spoof a > browser-supported CA: > > http://www.win.tue.nl/hashclash/rogue-ca/ This doesn't match the "specified fingerprint" requirement.
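Added example, not part of any list message: the gap between finding any colliding pair and matching a fingerprint that someone else has already published, measured on a deliberately tiny fingerprint. The key strings, the 20-bit width (SHA-256 truncated) and every function name are constructed for illustration.

```python
"""Toy comparison: finding ANY colliding pair vs. matching a SPECIFIED fingerprint.

Constructed example: the "keys" are labelled byte strings, and the fingerprint
is SHA-256 truncated to a few bits so that both searches finish in seconds.
"""
import hashlib

BITS = 20  # toy fingerprint width (assumption); MD5 is 128 bits, SHA-1 is 160

# Stand-in for the key whose fingerprint has already been published.
PUBLISHED_KEY = b"constructed-official-public-key"


def fingerprint(blob: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-256(blob), as an integer."""
    digest = hashlib.sha256(blob).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def candidate(i: int) -> bytes:
    """The i-th blob a searcher tries (deterministic, so runs are repeatable)."""
    return b"constructed-candidate-key-%d" % i


def find_any_collision(bits: int = BITS):
    """Birthday search: the searcher is free to choose BOTH inputs.

    Returns (blob_a, blob_b, tries); expected tries are about 2**(bits/2).
    """
    seen = {}
    i = 0
    while True:
        blob = candidate(i)
        fp = fingerprint(blob, bits)
        if fp in seen:
            return seen[fp], blob, i + 1
        seen[fp] = blob
        i += 1


def match_specified(target_fp: int, bits: int = BITS, limit: int = 1 << 26):
    """Search for a blob whose fingerprint equals one fixed by somebody else.

    Returns (blob, tries), or (None, limit) if the budget is exhausted;
    expected tries are about 2**bits.
    """
    for i in range(limit):
        blob = candidate(i)
        if fingerprint(blob, bits) == target_fp:
            return blob, i + 1
    return None, limit


def compare(bits: int = BITS) -> dict:
    """Run both searches at the same width and report the work each needed."""
    a, b, collision_tries = find_any_collision(bits)
    target = fingerprint(PUBLISHED_KEY, bits)
    matching, specified_tries = match_specified(target, bits)
    return {
        "bits": bits,
        "collision_pair": (a, b),
        "collision_tries": collision_tries,
        "matching_blob": matching,
        "specified_tries": specified_tries,
    }


if __name__ == "__main__":
    result = compare()
    print("fingerprint width          :", result["bits"], "bits")
    print("any colliding pair         :", result["collision_tries"], "tries")
    print("match published fingerprint:", result["specified_tries"], "tries")
```

Each extra bit of fingerprint doubles the work to match a published value but adds only half a bit to the work of finding some colliding pair, so the gap widens rapidly at real hash sizes.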
From Ray.Bellis at nominet.org.uk Wed Aug 12 09:57:14 2009 From: Ray.Bellis at nominet.org.uk (Ray.Bellis at nominet.org.uk) Date: Wed, 12 Aug 2009 09:57:14 +0100 Subject: Question for SImnon In-Reply-To: <87k519blan.fsf@mid.deneb.enyo.de> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: > > http://www.win.tue.nl/hashclash/rogue-ca/ > > This doesn't match the "specified fingerprint" requirement. It doesn't? I thought the whole point of the attack was to produce a new X.509 cert which has the same MD5 fingerprint as an existing cert. Ray
From lists at internetpolicyagency.com Wed Aug 12 10:20:56 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Wed, 12 Aug 2009 10:20:56 +0100 Subject: Question for SImnon In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <87k519blan.fsf@mid.deneb.enyo.de> Message-ID: In article , Ray.Bellis at nominet.org.uk writes > I thought the whole point of the attack was to produce a new X.509 >cert which has the same MD5 fingerprint as an existing cert How easy is that? The sort of thing you do in a weekend, or is it '100 years with a CIA supercomputer' territory?
-- Roland Perry From amidgley at gmail.com Wed Aug 12 10:24:26 2009 From: amidgley at gmail.com (Adrian Midgley) Date: Wed, 12 Aug 2009 10:24:26 +0100 Subject: ID Card Fail In-Reply-To: <4A7DDE15.5010905@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> Message-ID: <4A828A4A.1070300@gmail.com> Peter Tomlinson wrote: > The idea then was to have a global key server that held the public keys > for every country's chip passports, and during a break a few of us > thought about this and decided that, with ICAO in charge, it would not > be long before such a key server was compromised, and maybe even an > entirely fictitious country installed there. Do you mean private keys? Am I missing something if I don't see why distribution of public keys would be a problem? From matthew at pemble.net Wed Aug 12 10:25:25 2009 From: matthew at pemble.net (Matthew Pemble) Date: Wed, 12 Aug 2009 10:25:25 +0100 Subject: Question for SImnon In-Reply-To: References: <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <87k519blan.fsf@mid.deneb.enyo.de> Message-ID: 2009/8/12 > > > > http://www.win.tue.nl/hashclash/rogue-ca/ > > > > This doesn't match the "specified fingerprint" requirement. > > It doesn't? I thought the whole point of the attack was to produce a new > X.509 cert which has the same MD5 fingerprint as an existing cert.
> > Ray > But that example was when the genuine and false certificates were both in the control of the researchers. Our fraudster would have a harder job getting the collision with the putative HMG root certificate, if I have read the research correctly (my maths really isn't up to discussions with cryptographers), even if the HMG root was MD5 rather than SHA-1 hashed. -- Matthew Pemble Technical Director, Idrach Ltd Mobile: +44 (0) 7595 652175 Office: + 44 (0) 1324 820690 From Ray.Bellis at nominet.org.uk Wed Aug 12 10:36:00 2009 From: Ray.Bellis at nominet.org.uk (Ray.Bellis at nominet.org.uk) Date: Wed, 12 Aug 2009 10:36:00 +0100 Subject: Question for SImnon In-Reply-To: References: <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <87k519blan.fsf@mid.deneb.enyo.de> Message-ID: > But that example was when the genuine and false certificates were > both in the control of the researchers. Sorry, yes, you're right. They didn't manage to create a cert matching a known key, but a pair of certs engineered to have the same key. Ray
From lists at internetpolicyagency.com Wed Aug 12 10:37:50 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Wed, 12 Aug 2009 10:37:50 +0100 Subject: ID Card Fail In-Reply-To: <4A828A4A.1070300@gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> Message-ID: In article <4A828A4A.1070300 at gmail.com>, Adrian Midgley writes >> The idea then was to have a global key server that held the public keys >> for every country's chip passports, and during a break a few of us >> thought about this and decided that, with ICAO in charge, it would not >> be long before such a key server was compromised, and maybe even an >> entirely fictitious country installed there. > >Do you mean private keys? >Am I missing something if I don't see why distribution of public keys >would be a problem? Depends what risk you are talking about. If the bad guys succeed in replacing the public key of a major country with a false one, every airport using this technology would immediately seize up as a result of rejected passports. That might be as much harm as they were trying to do. Or possibly sneak some terrorists in under cover of the ensuing chaos and manual processing.
-- Roland Perry From nbohm at ernest.net Wed Aug 12 10:46:02 2009 From: nbohm at ernest.net (Nicholas Bohm) Date: Wed, 12 Aug 2009 10:46:02 +0100 Subject: ID Card Fail In-Reply-To: <4A828A4A.1070300@gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> Message-ID: <4A828F5A.3070206@ernest.net> An HTML attachment was scrubbed... URL: From DaveHowe at gmx.co.uk Wed Aug 12 10:55:04 2009 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 12 Aug 2009 10:55:04 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> Message-ID: <4A829178.5090102@gmx.co.uk> Ian Batten wrote: > On Mon, August 10, 2009 12:00, Nicholas Bohm wrote: >> An uncomplicated solution would be to put the public key on a sensibly >> labelled URL and publish the key fingerprint at intervals in the London >> Gazette to give a reasonable assurance of genuineness. > > What's the current thinking on the ability of a miscreant to produce a key > that he controls whose public key has a specified fingerprint? 
My understanding was that you could, by brute force, produce a pair of files (and hence, certificates) with the same hash, but not control what that hash would be (and hence match an existing hash)? Although I guess brute force and pure dumb luck could find a match regardless... From matthew at pemble.net Wed Aug 12 11:05:15 2009 From: matthew at pemble.net (Matthew Pemble) Date: Wed, 12 Aug 2009 11:05:15 +0100 Subject: Question for SImnon In-Reply-To: References: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <87k519blan.fsf@mid.deneb.enyo.de> Message-ID: 2009/8/12 Roland Perry > In article < > OF8269DB32.E0AA23D8-ON80257610.00311BFB-80257610.00312F95 at nominet.org.uk > >, Ray.Bellis at nominet.org.uk writes > >> I thought the whole point of the attack was to produce a new X.509 cert >> which has the same MD5 fingerprint as an existing cert >> > > How easy is that? The sort of thing you do in a weekend, or is it '100 > years with a CIA supercomputer' territory? > "The most computationally intensive part of our method required about 3 days of work with over 200 game consoles *(PS3s)*, which is equivalent to 32 years of computing on a typical desktop computer", for MD-5 according to the researchers. -- Matthew Pemble Technical Director, Idrach Ltd Mobile: +44 (0) 7595 652175 Office: + 44 (0) 1324 820690
From lists at internetpolicyagency.com Wed Aug 12 11:22:03 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Wed, 12 Aug 2009 11:22:03 +0100 Subject: Question for SImnon In-Reply-To: References: <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <87k519blan.fsf@mid.deneb.enyo.de> Message-ID: In article , Matthew Pemble writes >I thought the whole point of the attack was to produce a new X.509 >cert which has the same MD5 fingerprint as an existing cert > >How easy is that? The sort of thing you do in a weekend, or is it '100 >years with a CIA supercomputer' territory? > >"The most computationally intensive part of our method required about 3 >days of work with over 200 game consoles (PS3s), which is equivalent to >32 years of computing on a typical desktop computer", for MD-5 >according to the researchers But that appears to be part of a scheme to get *any* two matching (colliding) certs, not the much harder task of getting a match/collision with a specified existing cert.
-- Roland Perry From chl at clerew.man.ac.uk Wed Aug 12 13:09:38 2009 From: chl at clerew.man.ac.uk (Charles Lindsey) Date: Wed, 12 Aug 2009 13:09:38 +0100 Subject: Question for SImnon (was ID Card Fail) In-Reply-To: <0ADE69A3-FF0C-4D8B-A4A1-AC48B5993704@batten.eu.org> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2A78E759-3442-40A9-B95D-D7EC7BB2E313@batten.eu.org> <4A7ECAF0.9070306@iosis.co.uk> <4A7FFDC9.5010800@ernest.net> <0ADE69A3-FF0C-4D8B-A4A1-AC48B5993704@batten.eu.org> Message-ID: On Tue, 11 Aug 2009 11:54:41 +0100, Ian Batten wrote: >>> >>> What's the current thinking on the ability of a miscreant to produce a >>> key >>> that he controls whose public key has a specified fingerprint? >> >> Exceedingly difficult, I should hope. > > They're only as strong as the hash primitive that's used, surely? I think the fingerprint is primarily a representation of the public key, rather than an indication of whether MD5 or SHA-1 is to be used with it (but I have more knowledge of the format of PGP keys than of X509 certificates). But I think it is clear from these threads that if the Home Office were to publish a fingerprint of the key they used (or, better, the full key) to authenticate their ID cards, even if they were foolish enough to use MD5, the Bad Guys would be hard pressed to produce a false card apparently signed by that key. On top of that, the public keys used by various National Passport/ID agencies ought to be available from many sources, including at least some official government site, in addition to whatever the ICAO might publish for routine use. 
That way, corruption of one or more of the sources would be more easily spotted. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From lists at internetpolicyagency.com Thu Aug 13 08:07:51 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Thu, 13 Aug 2009 08:07:51 +0100 Subject: section 49 notices Message-ID: "Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years." http://www.theregister.co.uk/2009/08/11/ripa_iii_figures/ "... all of the 15 section 49 notices served over the year - including the two that resulted in convictions - were in "counter terrorism, child indecency and domestic extremism" cases. "The Register has established that the woman served with the first section 49 notice, as part of an animal rights extremism investigation, was not one of those convicted for failing to comply. She was later convicted and jailed on blackmail charges. -- Roland Perry From davidh at spidacom.co.uk Thu Aug 13 09:01:36 2009 From: davidh at spidacom.co.uk (David Hansen) Date: Thu, 13 Aug 2009 09:01:36 +0100 Subject: section 49 notices In-Reply-To: References: Message-ID: <4A83D670.12815.32BCD4@davidh.spidacom.co.uk> On 13 Aug 2009 at 8:07, Roland Perry wrote: > http://www.theregister.co.uk/2009/08/11/ripa_iii_figures/ > > "... all of the 15 section 49 notices served over the year - > including the two that resulted in convictions - were in > "counter terrorism, child indecency and domestic extremism" > cases. After they were found out [1] the NETCU web site suddenly stopped working for months.
I see it is now back with a new definition of "domestic extremism" , one which no longer asserts that I and millions of others are domestic extremists for the "crime" of not being happy with every action of government/big business. However, they still use the term 'single-issue', though it is in quotation marks, for things which are far more than single issues. [1] in the sense that they were found out over police activity against the Radley Lakes campaign. has a summary. -- David Hansen, Edinburgh I will *always* explain revoked encryption keys, unless RIP prevents me http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54 From lists at internetpolicyagency.com Thu Aug 13 11:38:34 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Thu, 13 Aug 2009 11:38:34 +0100 Subject: section 49 notices In-Reply-To: <4A83D670.12815.32BCD4@davidh.spidacom.co.uk> References: <4A83D670.12815.32BCD4@davidh.spidacom.co.uk> Message-ID: <0ngtQ9Pq0+gKFAHB@perry.co.uk> In article <4A83D670.12815.32BCD4 at davidh.spidacom.co.uk>, David Hansen writes >However, they still use the term 'single-issue', though it is in >quotation marks, for things which are far more than single issues. They probably have in mind the protests over Huntingdon Life Sciences, where the single issue appears to be mistreatment of laboratory animals. They weren't, for example, complaining about the employment of foreign contractors there, or the carbon footprint implications of the site - to choose two recent domestic campaigns.
-- Roland Perry From amidgley at gmail.com Thu Aug 13 13:01:52 2009 From: amidgley at gmail.com (Adrian Midgley) Date: Thu, 13 Aug 2009 13:01:52 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> Message-ID: <4A8400B0.4010907@gmail.com> Roland Perry wrote: > In article <4A828A4A.1070300 at gmail.com>, Adrian Midgley > writes >>> The idea then was to have a global key server that held the public keys >>> for every country's chip passports, and during a break a few of us >>> thought about this and decided that, with ICAO in charge, it would not >>> be long before such a key server was compromised, and maybe even an >>> entirely fictitious country installed there. >> >> Do you mean private keys? >> Am I missing something if I don't see why distribution of public keys >> would be a problem? > > Depends what risk you are talking about. > > If the bad guys succeed in replacing the public key of a major country > with a false one, every airport using this technology would immediately > seize up as a result of rejected passports. That might be as much harm > as they were trying to do. Or possibly sneak some terrorists in under > cover of the ensuing chaos and manual processing. It isn't obvious to me that distributing the correct key makes it easier, or harder, to replace the public key of even a minor country.
I suppose if the key is _always used only_ from one server for the world, rather than one server holding copies of all the keys, and they being reloadable from it, that would become a point or route of attack, but would anyone design the system that way? How often should major countries change their (private and public) keys, anyway? Distributing the key would increase the number of targets that must be compromised, nearly simultaneously, to make it difficult to see what had happened, while allowing other people to make use of the documents carrying keys signed with the other key. Or again, am I missing something. -- A From k.brown at bbk.ac.uk Thu Aug 13 14:06:05 2009 From: k.brown at bbk.ac.uk (ken) Date: Thu, 13 Aug 2009 14:06:05 +0100 Subject: ID Card Fail In-Reply-To: <4A8400B0.4010907@gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> Message-ID: <4A840FBD.3040800@bbk.ac.uk> Adrian Midgley wrote: > How often should major > countries change their (private and public) keys, anyway? About as often as they change their flag? 
From igb at batten.eu.org Thu Aug 13 15:03:30 2009 From: igb at batten.eu.org (Ian Batten) Date: Thu, 13 Aug 2009 15:03:30 +0100 Subject: ID Card Fail In-Reply-To: <4A840FBD.3040800@bbk.ac.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> Message-ID: On 13 Aug 09, at 1406, ken wrote: > Adrian Midgley wrote: >> How often should major >> countries change their (private and public) keys, anyway? > > About as often as they change their flag? So fairly frequently for chaotic states, infrequently for more settled ones? The US flag last changed presumably after the accession of Hawaii to statehood in 1959, the UK flag in 1801. The German flag I think dates to 1949 (surprisingly, I don't think it changed on reunification, but I could be wrong). D'Estaing changed the blue of the tricolour. Africa, though... 
ian From pwt at iosis.co.uk Thu Aug 13 17:57:14 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Thu, 13 Aug 2009 17:57:14 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> Message-ID: <4A8445EA.6040209@iosis.co.uk> Ian Batten wrote: > On 13 Aug 09, at 1406, ken wrote: >> Adrian Midgley wrote: >>> How often should major >>> countries change their (private and public) keys, anyway? >> About as often as they change their flag? > So fairly frequently for chaotic states, infrequently for more settled > ones? The US flag last changed presumably after the accession of > Hawaii to statehood in 1959, the UK flag in 1801. The German flag I > think dates to 1949 (surprisingly, I don't think it changed on > reunification, but I could be wrong). D'Estaing changed the blue of > the tricolour. > > Africa, though... How often should one roll key pairs? (For this is a PKI.) I have never been able to find a simple answer, but then I'm not inside the crypto risk management tent. But I thought that I had writ that ICAO were trying to do everything on their own in the early days. At the time I'm sure that they had been thinking of a single global public key server - and, hearing about that at the ICAO and ISO SC17 meeting in London, 3 of us said that the risk was of it being compromised, perhaps by inserting a totally fictitious country. 
Of course one has to keep each key pair alive for the lifetime of the last passport (or ID card) issued with it, plus some more to help with later investigations. Is anyone willing to convince us that this verification mechanism can be trusted? (But its failure modes are going to be very different from the McNulty Call Centre method of verification.) Peter From DaveHowe at gmx.co.uk Fri Aug 14 08:42:20 2009 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Fri, 14 Aug 2009 08:42:20 +0100 Subject: ID Card Fail In-Reply-To: <4A8445EA.6040209@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> <4A8445EA.6040209@iosis.co.uk> Message-ID: <4A85155C.9030400@gmx.co.uk> Peter Tomlinson wrote: > How often should one roll key pairs? (For this is a PKI.) I have never > been able to find a simple answer, but then I'm not inside the crypto > risk management tent. > > But I thought that I had writ that ICAO were trying to do everything on > their own in the early days. At the time I'm sure that they had been > thinking of a single global public key server - and, hearing about that > at the ICAO and ISO SC17 meeting in London, 3 of us said that the risk > was of it being compromised, perhaps by inserting a totally fictitious > country. I don't see why there needs to even *be* a single reference server, other than for convenience.
Given most practical schemes are hierarchical, you just need a central "root" certificate, available from each country's own gov.cc site, which signs their top level cc key, which can in turn sign issuing keys (with a known cc revocation point) which then signs actual id documents. about the only downside I can see would be that, if they were to use an established scheme (and x509 is about the only one most will be aware of, and the only one that is *only* strictly hierarchical) then you would be effectively setting up each CC as a x509 CA, which is going to put them into direct competition with the likes of verisign.... From pwt at iosis.co.uk Fri Aug 14 09:36:22 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Fri, 14 Aug 2009 09:36:22 +0100 Subject: ID Card Fail In-Reply-To: <4A85155C.9030400@gmx.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> <4A8445EA.6040209@iosis.co.uk> <4A85155C.9030400@gmx.co.uk> Message-ID: <4A852206.9080802@iosis.co.uk> Dave Howe wrote: > Peter Tomlinson wrote: > >> How often should one roll key pairs? (For this is a PKI.) I have never >> been able to find a simple answer, but then I'm not inside the crypto >> risk management tent. >> >> But I thought that I had writ that ICAO were trying to do everything on >> their own in the early days. 
At the time I'm sure that they had been >> thinking of a single global public key server - and, hearing about that >> at the ICAO and ISO SC17 meeting in London, 3 of us said that the risk >> was of it being compromised, perhaps by inserting a totally fictitious >> country. >> > I don't see why there needs to even *be* a single reference server, > other than for convenience. Given most practical schemes are > hierarchical, you just need a central "root" certificate, available from > each country's own gov.cc site, which signs their top level cc key, > which can in turn sign issuing keys (with a known cc revocation point) > which then signs actual id documents. > > about the only downside I can see would be that, if they were to use an > established scheme (and x509 is about the only one most will be aware > of, and the only one that is *only* strictly hierarchical) then you > would be effectively setting up each CC as a x509 CA, which is going to > put them into direct competition with the likes of verisign.... Surely we are discussing verifying passports & ID cards, not issuing them? That is why it's the public keys that we are concerned with. And it's offline verification of passports, with the option to go on line to a Verification Authority that, for example, an FE college might want or even have to do (an area where I was trying to help last year, in the sense of trying to assess whether they would have to be able to securely verify passports and ID cards - not much use cogitating about that, of course, if there is no way of getting hold of the public keys for offline use, or even no way of having at least an on-line service for one's own country's ID cards).
Peter From igb at batten.eu.org Fri Aug 14 11:44:24 2009 From: igb at batten.eu.org (Ian Batten) Date: Fri, 14 Aug 2009 11:44:24 +0100 Subject: ID Card Fail In-Reply-To: <4A8445EA.6040209@iosis.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> <4A8445EA.6040209@iosis.co.uk> Message-ID: <4D3AAA1B-B3D6-4BAD-93E7-A63C90C4534A@batten.eu.org> > > Of course one has to keep each key pair alive for the lifetime of > the last passport (or ID card) issued with it, plus some more to > help with later investigations. Bearing in mind I'm strictly an amateur in these things... Would it be worth signing each document with several keys, but only releasing the public key for the first? Then if that were compromised, you issue the second, and so on. Without the public key to bite on, doesn't that make an attacker's life harder? 
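Added example, not part of any message in this thread: a Go sketch that combines the hierarchy Dave Howe outlines (a top-level key endorses issuing keys, which sign documents) with Ian Batten's idea of signing every document with reserve keys whose public halves stay unpublished until needed. Ed25519, the restriction to one issuing state, and all type and function names are assumptions made for illustration; it does not model any real travel-document format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Document is a constructed stand-in for the signed data on a passport or ID card.
type Document struct {
	Data []byte
	Sigs [][]byte // Sigs[i] is made with the i-th issuing key
}

// State is one national hierarchy: a top-level key that endorses issuing keys.
type State struct {
	top     ed25519.PrivateKey
	issuing []ed25519.PrivateKey
}

// Verifier works offline from one pinned top-level public key.
type Verifier struct {
	Top ed25519.PublicKey // obtained out of band from the issuing state
	idx int
	pub ed25519.PublicKey // nil until a released key has been accepted
}

var (
	ErrNoKey          = errors.New("no issuing key accepted yet")
	ErrBadEndorsement = errors.New("issuing key not endorsed by the pinned top-level key")
	ErrStaleKey       = errors.New("refusing to roll back to an earlier issuing key")
	ErrBadSignature   = errors.New("document signature does not verify")
)

// msg is domain-separated, so a key endorsement can never pass as a document.
func msg(kind string, idx int, body []byte) []byte {
	return append([]byte(fmt.Sprintf("%s\x00%d\x00", kind, idx)), body...)
}

func NewState(issuingKeys int) (*State, error) {
	keys := make([]ed25519.PrivateKey, issuingKeys+1) // keys[0] is the top-level key
	for i := range keys {
		var err error
		if _, keys[i], err = ed25519.GenerateKey(nil); err != nil { // nil: crypto/rand
			return nil, err
		}
	}
	return &State{keys[0], keys[1:]}, nil
}

// Issue signs with every issuing key, including those not yet released.
func (s *State) Issue(data []byte) Document {
	d := Document{Data: data}
	for _, k := range s.issuing {
		d.Sigs = append(d.Sigs, ed25519.Sign(k, msg("doc", 0, data)))
	}
	return d
}

// Release publishes issuing key i with the top-level key's endorsement of it.
func (s *State) Release(i int) (ed25519.PublicKey, []byte) {
	p := s.issuing[i].Public().(ed25519.PublicKey)
	return p, ed25519.Sign(s.top, msg("key", i, p))
}

// Accept installs a released issuing key if the pinned top-level key endorsed it.
func (v *Verifier) Accept(i int, pub ed25519.PublicKey, endorsement []byte) error {
	if !ed25519.Verify(v.Top, msg("key", i, pub), endorsement) {
		return ErrBadEndorsement
	}
	if v.pub != nil && i <= v.idx {
		return ErrStaleKey // never fall back to a key that may be compromised
	}
	v.idx, v.pub = i, pub
	return nil
}

// Verify checks only the signature made with the currently accepted key.
func (v *Verifier) Verify(d Document) error {
	if v.pub == nil {
		return ErrNoKey
	}
	if v.idx >= len(d.Sigs) || !ed25519.Verify(v.pub, msg("doc", 0, d.Data), d.Sigs[v.idx]) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	s, err := NewState(2)
	if err != nil {
		panic(err)
	}
	v := &Verifier{Top: s.top.Public().(ed25519.PublicKey)}
	doc := s.Issue([]byte("constructed holder data"))
	for i := 0; i < 2; i++ { // release key 0, then roll over to reserve key 1
		pub, end := s.Release(i)
		fmt.Println("key", i, "accept:", v.Accept(i, pub, end), "verify:", v.Verify(doc))
	}
}
```

After the rollover, documents already issued still verify because they carry the reserve signature, while anything signed with only the first key is rejected. The arrangement only helps if the reserve private key is stored apart from the first one.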
From lists at internetpolicyagency.com Fri Aug 14 12:10:53 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 14 Aug 2009 12:10:53 +0100 Subject: ID Card Fail In-Reply-To: <4A8400B0.4010907@gmail.com> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> Message-ID: In article <4A8400B0.4010907 at gmail.com>, Adrian Midgley writes >>> Am I missing something if I don't see why distribution of public keys >>> would be a problem? >> >> Depends what risk you are talking about. >> >> If the bad guys succeed in replacing the public key of a major country >> with a false one, every airport using this technology would immediately >> seize up as a result of rejected passports. That might be as much harm >> as they were trying to do. Or possibly sneak some terrorists in under >> cover of the ensuing chaos and manual processing. > >It isn't obvious to me that distributing the correct key makes it >easier, or harder, to replace the public key I'm not in "easier/harder" territory at all. Rather I'm in "here is a new territory, that you may not have considered in your threat model". >of even a minor country. Wouldn't they all be equally at risk? 
-- Roland Perry From pwt at iosis.co.uk Sat Aug 15 11:04:52 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sat, 15 Aug 2009 11:04:52 +0100 Subject: HSBC banking web site trojan Message-ID: <4A868844.9060908@iosis.co.uk> This morning (Saturday) HSBC's Personal Banking web site has a Trojan that tries to download when you click 'Login' from the general HSBC portal page. Kaspersky reports Trojan.HTML.Agent.ce. I found it at 10.10. HSBC call centre didn't know at 10.30 - but the lady there found that she could not log in, went away, came back, told me that the company did know and is trying to fix it (one hour was suggested)... So why did they not just kill the site? HSBC Business Banking (accessed from the same portal) is OK. Peter From pwt at iosis.co.uk Sat Aug 15 13:40:56 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sat, 15 Aug 2009 13:40:56 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A868844.9060908@iosis.co.uk> References: <4A868844.9060908@iosis.co.uk> Message-ID: <4A86ACD8.2020203@iosis.co.uk> The HSBC site was indeed working again, and securely (at least Kaspersky s/w thought so), within the hour. Peter Peter Tomlinson wrote: > This morning (Saturday) HSBC's Personal Banking web site has a Trojan > that tries to download when you click 'Login' from the general HSBC > portal page. Kaspersky reports Trojan.HTML.Agent.ce. > > I found it at 10.10. HSBC call centre didn't know at 10.30 - but the > lady there found that she could not log in, went away, came back, told > me that the company did know and is trying to fix it (one hour was > suggested)... So why did they not just kill the site? > > HSBC Business Banking (accessed from the same portal) is OK. 
> > Peter From no2dpi at googlemail.com Sat Aug 15 14:08:39 2009 From: no2dpi at googlemail.com (Alexander Hanff) Date: Sat, 15 Aug 2009 14:08:39 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A86ACD8.2020203@iosis.co.uk> References: <4A868844.9060908@iosis.co.uk> <4A86ACD8.2020203@iosis.co.uk> Message-ID: <4A86B357.1030703@googlemail.com> Peter Tomlinson wrote: > The HSBC site was indeed working again, and securely (at least > Kaspersky s/w thought so), within the hour. > > Peter > > Peter Tomlinson wrote: >> This morning (Saturday) HSBC's Personal Banking web site has a Trojan >> that tries to download when you click 'Login' from the general HSBC >> portal page. Kaspersky reports Trojan.HTML.Agent.ce. >> >> I found it at 10.10. HSBC call centre didn't know at 10.30 - but the >> lady there found that she could not log in, went away, came back, >> told me that the company did know and is trying to fix it (one hour >> was suggested)... So why did they not just kill the site? >> >> HSBC Business Banking (accessed from the same portal) is OK. >> >> Peter > > > Yes but how many hundreds or even thousands of HSBC customers who have out of date anti-virus protection or indeed none at all - now have a trojan on their system which could have keylogged their attempts to access their online banking? Have HSBC acknowledged on their site that there was a security breach? Alexander From pwt at iosis.co.uk Sat Aug 15 18:10:54 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sat, 15 Aug 2009 18:10:54 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A86B357.1030703@googlemail.com> References: <4A868844.9060908@iosis.co.uk> <4A86ACD8.2020203@iosis.co.uk> <4A86B357.1030703@googlemail.com> Message-ID: <4A86EC1E.8060100@iosis.co.uk> Alexander Hanff wrote: > Peter Tomlinson wrote: >> The HSBC site was indeed working again, and securely (at least >> Kaspersky s/w thought so), within the hour. 
>> >> Peter Tomlinson wrote: >>> This morning (Saturday) HSBC's Personal Banking web site has a >>> Trojan that tries to download when you click 'Login' from the >>> general HSBC portal page. Kaspersky reports Trojan.HTML.Agent.ce. >>> >>> I found it at 10.10. HSBC call centre didn't know at 10.30 - but the >>> lady there found that she could not log in, went away, came back, >>> told me that the company did know and is trying to fix it (one hour >>> was suggested)... So why did they not just kill the site? >>> >>> HSBC Business Banking (accessed from the same portal) is OK. > Yes but how many hundreds or even thousands of HSBC customers who have > out of date anti-virus protection or indeed none at all - now have a > trojan on their system which could have keylogged their attempts to > access their online banking? Have HSBC acknowledged on their site > that there was a security breach? Nothing found - I have just logged in again (6 pm) to check, and so have sent them this message: "This morning (Saturday) at about 10.10, when trying to log in to Internet personal Banking, your site served me with a Trojan - which my Internet Security software trapped. I telephoned the customer service line, and by about 10.30 was told that you knew that you had a problem and would fix it within an hour. Indeed you did fix it, but WHERE IS THE WARNING ON THE SITE FOR CUSTOMERS, telling them that their system may have been compromised? Although you obviously expect us to be protected, I'm sure that you will be aware that not every customer is going to be protected, and thus some customers could have their personal information stolen by the Trojan." 
Peter From tugwilson at gmail.com Sat Aug 15 18:18:19 2009 From: tugwilson at gmail.com (John Wilson) Date: Sat, 15 Aug 2009 18:18:19 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A86EC1E.8060100@iosis.co.uk> References: <4A868844.9060908@iosis.co.uk> <4A86ACD8.2020203@iosis.co.uk> <4A86B357.1030703@googlemail.com> <4A86EC1E.8060100@iosis.co.uk> Message-ID: 2009/8/15 Peter Tomlinson : [snip] > > Nothing found - I have just logged in again (6 pm) to check, and so have > sent them this message: > > "This morning (Saturday) at about 10.10, when trying to log in to Internet > personal Banking, your site served me with a Trojan - which my Internet > Security software trapped. I telephoned the customer service line, and by > about 10.30 was told that you knew that you had a problem and would fix it > within an hour. Indeed you did fix it, but WHERE IS THE WARNING ON THE SITE > FOR CUSTOMERS, telling them that their system may have been compromised? > Although you obviously expect us to be protected, I'm sure that you will be > aware that not every customer is going to be protected, and thus some > customers could have their personal information stolen by the Trojan." They are claiming that it was a false positive from the AV software http://community.zdnet.co.uk/blog/0,1000000567,10013471o-2000331777b,00.htm John Wilson From wendyg at pelicancrossing.net Sat Aug 15 18:19:26 2009 From: wendyg at pelicancrossing.net (Wendy M. Grossman) Date: Sat, 15 Aug 2009 18:19:26 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A86EC1E.8060100@iosis.co.uk> References: <4A868844.9060908@iosis.co.uk> <4A86ACD8.2020203@iosis.co.uk> <4A86B357.1030703@googlemail.com> <4A86EC1E.8060100@iosis.co.uk> Message-ID: <4A86EE1E.1020407@pelicancrossing.net> Peter Tomlinson wrote: > > "This morning (Saturday) at about 10.10, when trying to log in to > Internet personal Banking, your site served me with a Trojan - which my > Internet Security software trapped. 
I telephoned the customer service > line, and by about 10.30 was told that you knew that you had a problem > and would fix it within an hour. Indeed you did fix it, but WHERE IS THE > WARNING ON THE SITE FOR CUSTOMERS, telling them that their system may > have been compromised? > Although you obviously expect us to be protected, I'm sure that you will > be aware that not every customer is going to be protected, and thus some > customers could have their personal information stolen by the Trojan." > Rupert Goodwins at ZDNet UK spent much of the day trying to find out from HSBC PR what was going on. http://bit.ly/IrOUj has the results: the bank says that the problem is false alarms from Kaspersky's a-v software. wg From maryhawking at tigers.demon.co.uk Sun Aug 16 08:33:04 2009 From: maryhawking at tigers.demon.co.uk (Mary Hawking) Date: Sun, 16 Aug 2009 08:33:04 +0100 Subject: HSBC banking web site trojan In-Reply-To: References: Message-ID: In message , ukcrypto-request at chiark.greenend.org.uk writes >Rupert Goodwins at ZDNet UK spent much of the day trying to find out >from HSBC PR what was going on. > >http://bit.ly/IrOUj > >has the results: the bank says that the problem is false alarms from >Kaspersky's a-v software. > >wg Do/should we believe them - especially as Peter actually captured the Trojan? And if they are to be believed, and there was no Trojan, where did the Trojan Peter caught come from? Mary Hawking -- Mary Hawking From pwt at iosis.co.uk Sun Aug 16 09:19:00 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 16 Aug 2009 09:19:00 +0100 Subject: HSBC banking web site trojan In-Reply-To: References: Message-ID: <4A87C0F4.4080804@iosis.co.uk> Mary Hawking wrote: > In message > , > ukcrypto-request at chiark.greenend.org.uk writes >> Rupert Goodwins at ZDNet UK spent much of the day trying to find out >> from HSBC PR what was going on. 
>> >> http://bit.ly/IrOUj >> >> has the results: the bank says that the problem is false alarms from >> Kaspersky's a-v software. >> >> wg > Do/should we believe them - especially as Peter actually captured the > Trojan? > And if they are to be believed, and there was no Trojan, where did the > Trojan Peter caught come from? I'm more inclined to think that, if indeed there was no Trojan, this could have been a signature clash between whatever HSBC was sending as part of the web page and some section of the Trojan that Kaspersky's database had analysed. Peter From no2dpi at googlemail.com Sun Aug 16 12:41:41 2009 From: no2dpi at googlemail.com (Alexander Hanff) Date: Sun, 16 Aug 2009 12:41:41 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A87C0F4.4080804@iosis.co.uk> References: <4A87C0F4.4080804@iosis.co.uk> Message-ID: <4A87F075.6080206@googlemail.com> Peter Tomlinson wrote: > Mary Hawking wrote: >> In message >> , >> ukcrypto-request at chiark.greenend.org.uk writes >>> Rupert Goodwins at ZDNet UK spent much of the day trying to find out >>> from HSBC PR what was going on. >>> >>> http://bit.ly/IrOUj >>> >>> has the results: the bank says that the problem is false alarms from >>> Kaspersky's a-v software. >>> >>> wg >> Do/should we believe them - especially as Peter actually captured the >> Trojan? >> And if they are to be believed, and there was no Trojan, where did >> the Trojan Peter caught come from? > I'm more inclined to think that, if indeed there was no Trojan, this > could have been a signature clash between whatever HSBC was sending as > part of the web page and some section of the Trojan that Kaspersky's > database had analysed. > > Peter > > > > Call me cynical but I am rather more inclined to go along with Mary's point of view on this one. If you were a large bank would you want to admit your system's security had been compromised? 
It is one thing them saying it was a false positive but how about actually providing some proof to back it up? Banks lost their right to consumer trust a long time ago and I would not take their word for anything without evidence to support it. Alexander Hanff From fw at deneb.enyo.de Sun Aug 16 14:27:54 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 16 Aug 2009 15:27:54 +0200 Subject: HSBC banking web site trojan In-Reply-To: (Mary Hawking's message of "Sun, 16 Aug 2009 08:33:04 +0100") References: Message-ID: <87ljlj99d1.fsf@mid.deneb.enyo.de> * Mary Hawking: > Do/should we believe them - especially as Peter actually captured the > Trojan? He didn't say he did. He said that he saw a message on his computer. From pwt at iosis.co.uk Sun Aug 16 15:57:53 2009 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Sun, 16 Aug 2009 15:57:53 +0100 Subject: HSBC banking web site trojan In-Reply-To: <87ljlj99d1.fsf@mid.deneb.enyo.de> References: <87ljlj99d1.fsf@mid.deneb.enyo.de> Message-ID: <4A881E71.4050000@iosis.co.uk> Florian Weimer wrote: > * Mary Hawking: > >> Do/should we believe them - especially as Peter actually captured the >> Trojan? > > He didn't say he did. He said that he saw a message on his computer. That's right: Kaspersky blocked the page access and told me that it had detected a Trojan trying to download (and it gave out a frightening loud squeal). Now K did give me the option to allow the download to complete, but I wasn't going to take that risk - admittedly the system used was not my main system, but it does hold a lot of backup data as well as financial data for both business and personal bank a/c, plus other personal data, and it is on my local network along with my Vonage internet phone line box and sometimes my laptop and another system (like friends ask me to update systems for them), and it has its own external disc drive ...
Peter From richard at highwayman.com Sun Aug 16 19:34:59 2009 From: richard at highwayman.com (Richard Clayton) Date: Sun, 16 Aug 2009 19:34:59 +0100 Subject: HSBC banking web site trojan In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In article , Mary Hawking writes >In message , >ukcrypto-request at chiark.greenend.org.uk writes > >>the bank says that the problem is false alarms from >>Kaspersky's a-v software. >> > >Do/should we believe them yes... false alarms are common CA eTrust (12 Aug 2009) http://www.theregister.co.uk/2009/08/12/ca_auto_immune_update/ AVG (27 July 2009) http://www.theregister.co.uk/2009/07/27/avg_itunes_false_positive/ CA Antivirus (10 July 2009) http://www.theregister.co.uk/2009/07/10/ca_rogue_av_update/ McAfee (3 July 2009) http://www.theregister.co.uk/2009/07/03/mcafee_false_positive_glitch/ and many many more... This is almost certainly not going to get any better because the AV world is under considerable pressure. Last year the AV industry became aware of about one million new bits of malware. This year it is running at about one million a month. That means that the problem that AV vendors face is choosing which bits of malware to include signatures for in their systems (hence the low coverage that people measure)... and/or how "fuzzy" to make those signatures (hence the false positives). I listened to a fine talk in June by an AVG engineer who suggested (a little tongue-in-cheek, but not much) that seeing two malware samples the same now meant that this was a false positive! Conversely, where malware attacks particular bits of software (or particular industries, such as the banking trojans we've seen this year), the problem is how to make sure that this malware is prioritised by the AV industry and not treated as of minor importance because too few samples have been seen. 
The bottom line is that the traditional way AV works (identify a sample of the malware, develop a signature, distribute the signature, block further samples of the malware) is now all but history. It will be some time (IMO) before AV is once again a key technology in protecting end-users :( and the mantra of "run AV, run a firewall, patch up to date" could now usefully be scrapped. The message should be concentrated solely on the issue of patching; and not just patching of the operating system and browser, but of all the add-on, plugin and helper programs that run on modern end-user systems. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBSohRU5oAxkTY1oPiEQJOiACdGBnqbEK2xlihcmCQe7DnNIkdhp0AoNF6 E/drY81aFnLbavpkh/uqazNa =3ZEz -----END PGP SIGNATURE----- From wendyg at pelicancrossing.net Sun Aug 16 19:43:16 2009 From: wendyg at pelicancrossing.net (Wendy M. Grossman) Date: Sun, 16 Aug 2009 19:43:16 +0100 Subject: HSBC banking web site trojan In-Reply-To: References: Message-ID: <4A885344.4040700@pelicancrossing.net> Richard Clayton wrote: > The bottom line is that the traditional way AV works (identify a sample > of the malware, develop a signature, distribute the signature, block > further samples of the malware) is now all but history. 
FWIW, I did a piece on this for the Guardian in 2007: http://www.guardian.co.uk/technology/2007/sep/20/guardianweeklytechnologysection.spam?gusrc=rss&feed=technology wg From fw at deneb.enyo.de Sun Aug 16 20:46:13 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 16 Aug 2009 21:46:13 +0200 Subject: HSBC banking web site trojan In-Reply-To: <4A881E71.4050000@iosis.co.uk> (Peter Tomlinson's message of "Sun, 16 Aug 2009 15:57:53 +0100") References: <87ljlj99d1.fsf@mid.deneb.enyo.de> <4A881E71.4050000@iosis.co.uk> Message-ID: <87tz07zgmy.fsf@mid.deneb.enyo.de> * Peter Tomlinson: > That's right: Kaspersky blocked the page access and told me that it > had detected a Trojan trying to download (and it gave out a > frightening loud squeal). Now K did give me the option to allow the > download to complete, but I wasn't going to take that risk - Okay, that's understandable. So there's no sample to look at. Since Kaspersky was apparently the only AV vendor to flag that page, it's quite likely a false positive. Signatures for malicious HTML are still somewhat in its infancy. It doesn't help that some sites use Javascript compressors/obfuscators which heavily rely on self-modifying code (I couldn't find that on HSBC's site during a quick analysis, though), and the browser exploit toolkits use the same content injection idioms as the half-legal surveillance tools from Google, Omniture et al. From lists at internetpolicyagency.com Mon Aug 17 10:14:28 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 17 Aug 2009 10:14:28 +0100 Subject: HSBC banking web site trojan In-Reply-To: <4A87F075.6080206@googlemail.com> References: <4A87C0F4.4080804@iosis.co.uk> <4A87F075.6080206@googlemail.com> Message-ID: <+hFPBwr09RiKFAHk@perry.co.uk> In article <4A87F075.6080206 at googlemail.com>, Alexander Hanff writes >Call me cynical but I am rather more inclined to go along with Mary's >point of view on this one. 
If you were a large bank would you want to >admit your system's security had been compromised? I'm very inclined to believe Rupert - it's very hard to pull the wool over his eyes. -- Roland Perry From David_Biggins at usermgmt.com Mon Aug 17 17:43:43 2009 From: David_Biggins at usermgmt.com (David Biggins) Date: Mon, 17 Aug 2009 17:43:43 +0100 Subject: HSBC banking web site trojan In-Reply-To: <+hFPBwr09RiKFAHk@perry.co.uk> References: <4A87C0F4.4080804@iosis.co.uk><4A87F075.6080206@googlemail.com> <+hFPBwr09RiKFAHk@perry.co.uk> Message-ID: Looks as if Kaspersky have also said it was a false positive in their software: http://www.theregister.co.uk/2009/08/17/hsbc_kaspersky_false_alarm/ > 'However the warning was only a false alarm > which was "rectified quickly", > according to a Kaspersky spokesman' So probably not an HSBC cover-up then... ;-) D. From chl at clerew.man.ac.uk Tue Aug 18 12:28:40 2009 From: chl at clerew.man.ac.uk (Charles Lindsey) Date: Tue, 18 Aug 2009 12:28:40 +0100 Subject: ID Card Fail In-Reply-To: <4A85155C.9030400@gmx.co.uk> References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> <4A8445EA.6040209@iosis.co.uk> <4A85155C.9030400@gmx.co.uk> Message-ID: On Fri, 14 Aug 2009 08:42:20 +0100, Dave Howe wrote: > then you > would be effectively setting up each CC as a x509 CA, which is going to > put them into direct competition with the likes of verisign.... > Which itself could be a Good Thing :-) .
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 From DaveHowe at gmx.co.uk Wed Aug 19 08:42:23 2009 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 19 Aug 2009 08:42:23 +0100 Subject: ID Card Fail In-Reply-To: References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A828A4A.1070300@gmail.com> <4A8400B0.4010907@gmail.com> <4A840FBD.3040800@bbk.ac.uk> <4A8445EA.6040209@iosis.co.uk> <4A85155C.9030400@gmx.co.uk> Message-ID: <4A8BACDF.3060804@gmx.co.uk> Charles Lindsey wrote: > On Fri, 14 Aug 2009 08:42:20 +0100, Dave Howe wrote: > >> then you >> would be effectively setting up each CC as a x509 CA, which is going to >> put them into direct competition with the likes of verisign.... > Which itself could be a Good Thing :-) . Which I agree with in some ways, but not in others. Currently, the big American CAs have a virtual monopoly, on a market of pretty much fixed size, for a product which effectively has a production cost of zero and a shelf life of exactly one year. However, all products are pretty much equal (setting aside EV, the certificate that promises "we will REALLY do all those checks we have been charging the customer to do for over a decade, this time, honest" but was spoofed within weeks of launch).
We don't really need to get into that one, but I am not sure that I trust the current bunch (or their replacements; it's a truism that no matter who you vote for, a politician gets in), nor their equivalents in every European (or eventually, non-European) country worldwide, to do much if any of a better job (albeit, they probably wouldn't/couldn't do much worse). However, the implications of a CC issued cert being indistinguishable (and browser-valid) for, just for argument sake, a small dictatorship with an active intelligence service willing to take "incentives" from those with enough money to offer them, an active "business network" like the RBN, and a desire from the top to get foreign dollars into local circulation even if the means are a little suspect, aren't that hard to extrapolate. From igb at batten.eu.org Thu Aug 20 12:04:01 2009 From: igb at batten.eu.org (Ian Batten) Date: Thu, 20 Aug 2009 12:04:01 +0100 Subject: Removing the CV2 from Credit Cards Message-ID: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> Someone I think on this list had the rather excellent suggestion recently that to improve credit card security one could remove the CV2 value from the card and record it separately. That makes it somewhat harder (albeit not hugely so) to skim your card at a restaurant or use it if stolen. Has anyone actually done this? On Visa and Mastercard products it's on the signature strip, which I know from experimenting with expired cards will read VOID or similar if you rub at it. I believe that cards are supposed to be rejected if the blue/yellow stripes (Visa) or Mastercard logos are damaged, although my Visa cards (which I use a lot more than my Mastercard) are very worn and have not been bounced. And for AmEx, the 4-digit CV2 is printed on the face of the card and I am reluctant to remove it, as it will leave the card physically looking suspicious.
As the whole point is to protect the CV2 information on cards that I use and carry physically, the fact that I could do what I wanted (in the limit, destroy it and retain only the details) with a card I only use online is irrelevant: that's not the threat model. ian From nigel.metheringham at dev.intechnology.co.uk Thu Aug 20 12:34:21 2009 From: nigel.metheringham at dev.intechnology.co.uk (Nigel Metheringham) Date: Thu, 20 Aug 2009 12:34:21 +0100 Subject: Removing the CV2 from Credit Cards In-Reply-To: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> Message-ID: <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> On 20 Aug 2009, at 12:04, Ian Batten wrote: > Has anyone actually done this? I have blacked out the CV2 on my card, but it has not subsequently been in the hands of anyone else so I have not had an opportunity for it to be queried... Nigel. -- [ Nigel Metheringham Nigel.Metheringham at InTechnology.com ] [ - Comments in this message are my own and not ITO opinion/policy - ] From ukcrypto at magardner.co.uk Thu Aug 20 15:47:55 2009 From: ukcrypto at magardner.co.uk (Martin Gardner) Date: Thu, 20 Aug 2009 15:47:55 +0100 Subject: Removing the CV2 from Credit Cards In-Reply-To: <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> Message-ID: On a related note has anyone else been asked to provide the CVV over the phone, when ordering a takeaway for example? Cheers Martin 2009/8/20 Nigel Metheringham > > On 20 Aug 2009, at 12:04, Ian Batten wrote: > >> Has anyone actually done this? >> > > > I have blacked out the CV2 on my card, but it has not subsequently been in > the hands of anyone else so I have not had an opportunity for it to be > queried... > > Nigel. 
> -- > [ Nigel Metheringham Nigel.Metheringham at InTechnology.com ] > [ - Comments in this message are my own and not ITO opinion/policy - ] From lists at internetpolicyagency.com Thu Aug 20 16:30:30 2009 From: lists at internetpolicyagency.com (Roland Perry) Date: Thu, 20 Aug 2009 16:30:30 +0100 Subject: Removing the CV2 from Credit Cards In-Reply-To: References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> Message-ID: <1I8dbqTWwWjKFAdJ@perry.co.uk> In article , Martin Gardner writes >On a related note has anyone else been asked to provide the CVV over >the phone, when ordering a takeaway for example The Parliamentary Bookshop asked me for it (I was stood there at the time) when placing an order for a report they didn't have in stock. Ironic that it was the HoL Personal Internet Security volume :) I can only assume that they create such orders internally using a "virtual CNP" transaction. Of all the places to get such a thing so wrong... -- Roland Perry From glynwintle at yahoo.com Thu Aug 20 12:40:34 2009 From: glynwintle at yahoo.com (Glyn Wintle) Date: Thu, 20 Aug 2009 04:40:34 -0700 (PDT) Subject: Government proposes national smart ticketing strategy Message-ID: <360238.91313.qm@web52705.mail.re2.yahoo.com> http://www.computing.co.uk/computing/news/2248187/government-proposes-national The government is consulting on proposals that could see an Oyster-style smart ticketing system introduced nationwide. The government estimates that a national system that works in a similar manner to London's popular travel smartcard could save as much as £2.6bn per year through improved journey times and faster, more convenient purchasing and issue of tickets.
The proposals could also see mobile phones being used as tickets with pre-pay credit loaded onto them, and cards and systems that would allow instant contactless payment from bank cards.

Transport minister Sadiq Khan said making it easier to use public transport was a key aim of the proposals.

"We know that passengers want quicker journeys and better reliability, and smart ticketing will help us do that," he said.

"We could see the end to waiting in line at ticket machines, while buses could spend half the amount of time sitting at the bus stop waiting for people to board and looking for the right change. In some cases, direct payments may even do away with the need for a ticket at all."

Smart tickets are harder to replicate and can be electronically "killed" the moment they are reported lost or stolen with any remaining balance refunded.

The government envisions operators being able to run their own loyalty schemes and offer ticket types to suit individual customers' needs....

From ukcrypto at philipkatz.eu Thu Aug 20 15:58:04 2009
From: ukcrypto at philipkatz.eu (Philip Katz)
Date: Thu, 20 Aug 2009 15:58:04 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To:
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk>
Message-ID: <000c01ca21a6$a25222a0$e6f667e0$@eu>

> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Martin Gardner
> Sent: Thursday, August 20, 2009 3:48 PM
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Removing the CV2 from Credit Cards
>
> On a related note has anyone else been asked to provide the CVV over the
> phone, when ordering a takeaway for example?

Isn't that the whole point of CVV - to verify CNP transactions?
Philip

From lists at internetpolicyagency.com Thu Aug 20 17:06:47 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 20 Aug 2009 17:06:47 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <000c01ca21a6$a25222a0$e6f667e0$@eu>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> <000c01ca21a6$a25222a0$e6f667e0$@eu>
Message-ID: <6bMufeZXSXjKFAMN@perry.co.uk>

In article <000c01ca21a6$a25222a0$e6f667e0$@eu>, Philip Katz writes
>> On a related note has anyone else been asked to provide the CVV over the
>> phone, when ordering a takeaway for example?
>
>Isn't that the whole point of CVV - to verify CNP transactions?

Not if you are paying when you pick up. Apart from the unlikely event that they'll charge you a "cancellation fee" if you don't.
--
Roland Perry

From nbohm at ernest.net Thu Aug 20 17:18:43 2009
From: nbohm at ernest.net (Nicholas Bohm)
Date: Thu, 20 Aug 2009 17:18:43 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To:
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk>
Message-ID: <4A8D7763.7000605@ernest.net>

An HTML attachment was scrubbed...

From lists at internetpolicyagency.com Thu Aug 20 17:17:50 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 20 Aug 2009 17:17:50 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To: <360238.91313.qm@web52705.mail.re2.yahoo.com>
References: <360238.91313.qm@web52705.mail.re2.yahoo.com>
Message-ID:

In article <360238.91313.qm at web52705.mail.re2.yahoo.com>, Glyn Wintle writes
>"We could see the end to waiting in line at ticket machines,

As long as you've pre-ordered the ticket on-line (in which case I believe they propose that you collect it at the gate[1]). Because I'm not sure they are seriously proposing a national PAYG system - the complexities would be horrendous.
>while buses could spend half the amount of time sitting at the bus stop
>waiting for people to board and looking for the right change.

We have smartcard bus ticketing here in Nottingham, and so now you wait for people to find their card in their wallet or handbag, and then work out (afresh each time it seems) where to wave it in front of the reader so that it "beeps". This is a world away from hundreds of agile young commuters rushing the ticket gates with their Oyster cards.

People chucking £1.50 (flat fare) at the driver can often be quicker.

>In some cases, direct payments may even do away with the need for a
>ticket at all."

He probably means "a printed coupon". You'll still need the smartcard (even if it's embedded in a phone case).

But a truly national system would be a good idea. Rather than having one different card for every ToC.

[1] Lots of other wonderful issues like what happens if you've got two tickets queued up for collection, or you want to use the return halves in a different order.
--
Roland Perry

From lists at howells.me Thu Aug 20 13:43:44 2009
From: lists at howells.me (Alex Howells)
Date: Thu, 20 Aug 2009 13:43:44 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk>
Message-ID: <4A8D4500.4030509@howells.me>

Nigel Metheringham wrote:
>
> On 20 Aug 2009, at 12:04, Ian Batten wrote:
>> Has anyone actually done this?
>
> I have blacked out the CV2 on my card, but it has not subsequently been
> in the hands of anyone else so I have not had an opportunity for it to
> be queried...

Blacked out with permanent ink? Spray it with Lynx or some other deodorant and that's easily solved...
From ukcrypto at magardner.co.uk Thu Aug 20 18:09:36 2009
From: ukcrypto at magardner.co.uk (Martin Gardner)
Date: Thu, 20 Aug 2009 18:09:36 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <000c01ca21a6$a25222a0$e6f667e0$@eu>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> <000c01ca21a6$a25222a0$e6f667e0$@eu>
Message-ID:

2009/8/20 Philip Katz
> > -----Original Message-----
> > From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> > bounces at chiark.greenend.org.uk] On Behalf Of Martin Gardner
> > Sent: Thursday, August 20, 2009 3:48 PM
> > To: UK Cryptography Policy Discussion Group
> > Subject: Re: Removing the CV2 from Credit Cards
> >
> > On a related note has anyone else been asked to provide the CVV over the
> > phone, when ordering a takeaway for example?
>
> Isn't that the whole point of CVV - to verify CNP transactions?
>
> Philip
>

I always feel a little uneasy giving it out over the phone because of the likelihood that the restaurateur would write it down and not destroy it. I suppose I should just always pay with cash instead.

From pwt at iosis.co.uk Thu Aug 20 21:15:53 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Thu, 20 Aug 2009 21:15:53 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To: <360238.91313.qm@web52705.mail.re2.yahoo.com>
References: <360238.91313.qm@web52705.mail.re2.yahoo.com>
Message-ID: <4A8DAEF9.2060001@iosis.co.uk>

As it happens, I was one of the people consulted during the study period - by a team that could not give me the scope of their work.
Again, as it happens, today I was in Great Minster House (which is where it all happens, or not, as the case may be), at a WG that is looking at the synergy between smart ticketing and other citizen service functions that might or occasionally do use smart cards, and might later use NFC-enabled mobile phones. A person from the relevant part of DfT gave us copies of the press statement (which I recommend you all study very very carefully if you have any interest in this topic) and that person promised that I would get a copy of the 132 page consultation document emailed to me (already, arriving home, I find I have 2 copies). The consultation period is only just over 2 months, so be quick.

We have been hearing motherhood and apple pie statements on this topic for 11 years.... (Don't get me wrong: John Prescott was serious in 1998, but everyone since in the Westminster and Whitehall orbits (except one person, now retired) have been proved to be not serious - I remain to be convinced that they are this time.)

(I will reply to Roland later).

Again, again, as it happens, today in mid morning I walked through Victoria railway station, discovering that all of the gates to platforms 1 to 7 were wide open, as were the sliding doors down the side of Platform 7. Asking a railwayman why, he said "short of staff". "Holidays?" I said. "Yes" he replied, with a smile. So much for revenue protection and detail management of the public transport network...

There was also a sniffin' dog deployed at Victoria, along with a team of 10 British Transport Police officers who were mostly strategically placed as catchers, and a table with some gear on it. Is that relevant? I don't know.

Peter

Glyn Wintle wrote:
> http://www.computing.co.uk/computing/news/2248187/government-proposes-national
>
> The government is consulting on proposals that could see an Oyster-style smart ticketing system introduced nationwide.
>
> The government estimates that a national system that works in a similar manner to London's popular travel smartcard could save as much as £2.6bn per year through improved journey times and faster, more convenient purchasing and issue of tickets.
>
> The proposals could also see mobile phones being used as tickets with pre-pay credit loaded onto them, and cards and systems that would allow instant contactless payment from bank cards.
>
> Transport minister Sadiq Khan said making it easier to use public transport was a key aim of the proposals.
>
> "We know that passengers want quicker journeys and better reliability, and smart ticketing will help us do that," he said.
>
> "We could see the end to waiting in line at ticket machines, while buses could spend half the amount of time sitting at the bus stop waiting for people to board and looking for the right change. In some cases, direct payments may even do away with the need for a ticket at all."
>
> Smart tickets are harder to replicate and can be electronically "killed" the moment they are reported lost or stolen with any remaining balance refunded.
>
> The government envisions operators being able to run their own loyalty schemes and offer ticket types to suit individual customers' needs....
>

From pwt at iosis.co.uk Thu Aug 20 21:30:51 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Thu, 20 Aug 2009 21:30:51 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To:
References: <360238.91313.qm@web52705.mail.re2.yahoo.com>
Message-ID: <4A8DB27B.90808@iosis.co.uk>

Roland Perry wrote:
> In article <360238.91313.qm at web52705.mail.re2.yahoo.com>, Glyn Wintle
> writes
>> "We could see the end to waiting in line at ticket machines,
> As long as you've pre-ordered the ticket on-line (in which case I
> believe they propose that you collect it at the gate[1]). Because I'm
> not sure they are seriously proposing a national PAYG system - the
> complexities would be horrendous.
You can't do a national PAYG scheme here, for lots of reasons. And those who wanted to deploy an on-line sales and fulfilment service for rail (e.g. download the ticket via your PC to your card) have been told to eff off. But there is now new management (again) in ATOC - we shall see.
>
>> while buses could spend half the amount of time sitting at the bus
>> stop waiting for people to board and looking for the right change.
> We have smartcard bus ticketing here in Nottingham, and so now you
> wait for people to find their card in their wallet or handbag, and
> then work out (afresh each time it seems) where to wave it in front of
> the reader so that it "beeps". This is a world away from hundreds of
> agile young commuters rushing the ticket gates with their Oyster cards.
>
> People chucking £1.50 (flat fare) at the driver can often be quicker.
Others have reported that. See below re contactless bank payment.
>
>> In some cases, direct payments may even do away with the need for a
>> ticket at all."
>
> He probably means "a printed coupon". You'll still need the smartcard
> (even if it's embedded in a phone case).
They mean dispensing with both the printed coupon and the electronic ticket record in your smart card. Truly ticketless travel is what is meant: there will be a bank payment record and a record in the public transport operator's system (both of which you might be able to see on-line).
>
> But a truly national system would be a good idea. Rather than having
> one different card for every ToC.
Motherhood and apple pie again...
>
> [1] Lots of other wonderful issues like what happens if you've got two
> tickets queued up for collection, or you want to use the return halves
> in a different order.
Lots of problems if in the card there is more than one 'product' that is valid for use by the unattended terminal...
Employ some talented people and you might start to make progress (I know some who have suffered from the dumbing down of the last 10 years - competence hasn't counted, either at the technical or technical management level, but there is now a feeling that it might be needed).

Peter

From igb at batten.eu.org Fri Aug 21 10:35:34 2009
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 21 Aug 2009 10:35:34 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <6bMufeZXSXjKFAMN@perry.co.uk>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> <000c01ca21a6$a25222a0$e6f667e0$@eu> <6bMufeZXSXjKFAMN@perry.co.uk>
Message-ID:

On 20 Aug 09, at 1706, Roland Perry wrote:
> In article <000c01ca21a6$a25222a0$e6f667e0$@eu>, Philip Katz
> writes
>>> On a related note has anyone else been asked to provide the CVV
>>> over the
>>> phone, when ordering a takeaway for example?
>>
>> Isn't that the whole point of CVV - to verify CNP transactions?
>
> Not if you are paying when you pick up. Apart from the unlikely
> event that they'll charge you a "cancellation fee" if you don't.

That's routine for takeaways: the no-show rate is quite high, as is the ``delivery order as a prank to other people'' game.
From lists at internetpolicyagency.com Fri Aug 21 11:19:28 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 21 Aug 2009 11:19:28 +0100
Subject: ID Card Fail
In-Reply-To:
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net>
Message-ID: <5c1eOQFwSnjKFANO@perry.co.uk>

In article , Roland Perry writes
>>The point about a mortgage is that it's secured over a property,
>>which in turn has a set of deeds, so even if the mortgage is taken
>>out by a fictional person there is still an asset behind it.
>
>I've not studied mortgage fraud in detail, but I thought[1] it involves
>a crooked solicitor helping you raise a loan on a fictional property.

A BBC story today, that suggests a different model. I assume the entities taking out these loans are either corporate and wound-up, or individuals who have either disappeared with the cashback money, or whose personal assets are nowhere near the gap between the mortgage they raised and the actual value realisable on repossessed property.
http://news.bbc.co.uk/1/hi/business/8213504.stm
--
Roland Perry

From lists at internetpolicyagency.com Fri Aug 21 11:39:03 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 21 Aug 2009 11:39:03 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To: <4A8DB27B.90808@iosis.co.uk>
References: <360238.91313.qm@web52705.mail.re2.yahoo.com> <4A8DB27B.90808@iosis.co.uk>
Message-ID:

In article <4A8DB27B.90808 at iosis.co.uk>, Peter Tomlinson writes
>>> In some cases, direct payments may even do away with the need for a
>>> ticket at all."
>>
>> He probably means "a printed coupon". You'll still need the smartcard
>>(even if it's embedded in a phone case).
>They mean dispensing with both the printed coupon and the electronic
>ticket record in your smart card. Truly ticketless travel is what is
>meant: there will be a bank payment record and a record in the public
>transport operator's system

The airlines by and large have e-ticketing, which is their word for that process. Yes, you can get printed copies of itineraries, and even boarding cards, but the "ticket" is just a number in a central computer.

Hmm... your progress could be monitored by Ryanair-style "platform access fees" (in addition to the fare) being charged to a paywave CC by the gates at the station when you travelled, so no special smartcard needed at all.

>(both of which you might be able to see on-line).

In a system where you are charged for what you've used, it's necessary to be able to see what it was "they" thought you used. Unless you trust the system implicitly, which would be a mistake - even if what you find out is that you misunderstood the rules. For example, Oyster is now giving people penalties if they spend "too long" making a journey.
That process would need to be far more transparent than it is currently, if the National Rail equivalent of such penalties are likely to be counted in hundreds of pounds (otherwise they aren't a deterrent for the loopholes they are trying to plug).
--
Roland Perry

From lists at internetpolicyagency.com Fri Aug 21 11:42:05 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 21 Aug 2009 11:42:05 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To:
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> <000c01ca21a6$a25222a0$e6f667e0$@eu> <6bMufeZXSXjKFAMN@perry.co.uk>
Message-ID:

In article , Ian Batten writes
>>>> On a related note has anyone else been asked to provide the CVV
>>>>over the phone, when ordering a takeaway for example?
>>>
>>> Isn't that the whole point of CVV - to verify CNP transactions?
>>
>> Not if you are paying when you pick up. Apart from the unlikely event
>>that they'll charge you a "cancellation fee" if you don't.
>
>That's routine for takeaways: the no-show rate is quite high, as is the
>``delivery order as a prank to other people'' game.

You must live in a rough area :) I've never been asked for CC details when ordering a takeaway over the phone.
--
Roland Perry

From otcbn at callnetuk.com Fri Aug 21 09:54:09 2009
From: otcbn at callnetuk.com (Pete Mitchell)
Date: Fri, 21 Aug 2009 09:54:09 +0100
Subject: HSBC banking web site trojan
In-Reply-To:
References:
Message-ID: <4A8E60B1.1000301@callnetuk.com>

Richard Clayton wrote on 16-08-09 19:34:
> The message should be
> concentrated solely on the issue of patching; and not just patching of
> the operating system and browser, but of all the add-on, plugin and
> helper programs that run on modern end-user systems.

Combined with total avoidance of online banking ...
--
Pete Mitchell

From pwt at iosis.co.uk Fri Aug 21 13:04:18 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Fri, 21 Aug 2009 13:04:18 +0100
Subject: ID Card Fail
In-Reply-To: <5c1eOQFwSnjKFANO@perry.co.uk>
References: <4A7C3EA2.1702.D6C449@davidh.spidacom.co.uk> <2db6d9920908070951o68eb97c8qa891990fedda1c2b@mail.gmail.com> <732076a80908071214j411477e6yd6d1d15ce1571c9d@mail.gmail.com> <20090807204106.2f558604@peterson.fenrir.org.uk> <732076a80908071905j2a91b8ado677bb18138d59705@mail.gmail.com> <20090808083623.GR17800@davros.org> <732076a80908080923g74a89369rc61e61c926d54830@mail.gmail.com> <2298D4476FA2F44591690E423F07C37B2F59F87A71@EA-EXMSG-C333.europe.corp.microsoft.com> <4A7DDE15.5010905@iosis.co.uk> <4A7E6567.8040803@ernest.net> <5c1eOQFwSnjKFANO@perry.co.uk>
Message-ID: <4A8E8D42.2060506@iosis.co.uk>

Roland Perry wrote:
> In article , Roland Perry
> writes
>>> The point about a mortgage is that it's secured over a property,
>>> which in turn has a set of deeds, so even if the mortgage is taken
>>> out by a fictional person there is still an asset behind it.
>> I've not studied mortgage fraud in detail, but I thought[1] it
>> involves a crooked solicitor helping you raise a loan on a fictional
>> property.
> A BBC story today, that suggests a different model. I assume the
> entities taking out these loans are either corporate and wound-up, or
> individuals who have either disappeared with the cashback money, or
> whose personal assets are nowhere near the gap between the mortgage
> they raised and the actual value realisable on repossessed property.
>
> http://news.bbc.co.uk/1/hi/business/8213504.stm

Indeed the model publicised here in Bristol some 15 years ago was of either fictional properties (in the sense that the borrower didn't own them) or multiple loans on a single property.
Numerous people went to prison, including an estate agent who tried to rent me a workshop building that was part of the property that his office occupied, but my solicitor quickly rumbled the fact that under his lease he didn't have the right to let it out - we walked away, and soon after heard that he was one of a large set of people charged with mortgage fraud.

Peter

From davidh at spidacom.co.uk Fri Aug 21 14:50:19 2009
From: davidh at spidacom.co.uk (David Hansen)
Date: Fri, 21 Aug 2009 14:50:19 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To:
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org>, ,
Message-ID: <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk>

On 21 Aug 2009 at 11:42, Roland Perry wrote:
> You must live in a rough area :) I've never been asked for CC details
> when ordering a takeaway over the phone.

Takeaway shops that take credit cards? You must both live in posh areas:-) Around here someone rings in, the delivery driver goes out with a small float and returns with the cash.

There doesn't seem to be much misuse of this. I wonder how many of the "prank orders to third parties" mentioned earlier are people who changed their mind and claimed that they didn't want what they had ordered.
--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From lists at internetpolicyagency.com Fri Aug 21 15:08:23 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 21 Aug 2009 15:08:23 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk>
Message-ID:

In article <4A8EB42B.14166.16F6008 at davidh.spidacom.co.uk>, David Hansen writes
>On 21 Aug 2009 at 11:42, Roland Perry wrote:
>
>> You must live in a rough area :) I've never been asked for CC details
>> when ordering a takeaway over the phone.
>
>Takeaway shops that take credit cards? You must both live in posh
>areas:-) Around here someone rings in, the delivery driver goes out
>with a small float and returns with the cash.

There aren't many takeaways that deliver, here. And those which claim to, are pretty bad at it. Living 5 minutes walk from the High St (a lifestyle choice I recommend) my takeaways are phoned-in for collection 20 minutes later. I think they all take CCs, certainly all the Indian takeaways, because they are offshoots from a restaurant.

ObCrypto: the thing to watch for is meals you *aren't* charged for, as that's what skimmers who don't want to leave a trace are inclined to do.

>There doesn't seem to be much misuse of this. I wonder how many of the
>"prank orders to third parties" mentioned earlier are people who
>changed their mind and claimed that they didn't want what they had
>ordered.

The prank aspect probably only arises for door-to-door deliveries.
--
Roland Perry

From chl at clerew.man.ac.uk Fri Aug 21 16:16:13 2009
From: chl at clerew.man.ac.uk (Charles Lindsey)
Date: Fri, 21 Aug 2009 16:16:13 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <4A8D4500.4030509@howells.me>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <8131ACAC-9107-47EF-9667-6E9F66A6DB12@dev.intechnology.co.uk> <4A8D4500.4030509@howells.me>
Message-ID:

On Thu, 20 Aug 2009 13:43:44 +0100, Alex Howells wrote:
> Nigel Metheringham wrote:
>>
>> On 20 Aug 2009, at 12:04, Ian Batten wrote:
>>> Has anyone actually done this?
>>
>> I have blacked out the CV2 on my card, but it has not subsequently been
>> in the hands of anyone else so I have not had an opportunity for it to
>> be queried...
>
> Blacked out with permanent ink? Spray it with Lynx or some other
> deodorant and that's easily solved...

Or put a bit of sticky tape over it
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From igb at batten.eu.org Fri Aug 21 16:32:36 2009
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 21 Aug 2009 16:32:36 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To:
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk>
Message-ID: <2D65AED9-8931-49CD-99C2-810DE2B1506D@batten.eu.org>

On 21 Aug 09, at 1508, Roland Perry wrote:
> In article <4A8EB42B.14166.16F6008 at davidh.spidacom.co.uk>, David
> Hansen writes
>> On 21 Aug 2009 at 11:42, Roland Perry wrote:
>>
>>> You must live in a rough area :) I've never been asked for CC
>>> details
>>> when ordering a takeaway over the phone.
>>
>> Takeaway shops that take credit cards?
You must both live in posh
>> areas:-) Around here someone rings in, the delivery driver goes out
>> with a small float and returns with the cash.
>
> There aren't many takeaways that deliver, here. And those which
> claim to, are pretty bad at it. Living 5 minutes walk from the High
> St (a lifestyle choice I recommend) my takeaways are phoned-in for
> collection 20 minutes later. I think they all take CCs, certainly
> all the Indian takeaways, because they are offshoots from a
> restaurant.

Well, the best of the local takeaways (which delivers, but is close enough that the 10% discount for collecting it yourself is attractive) has just moved from `cash or cheque only' to credit cards. I must ask them what they're doing next time I'm there.

They had a lot of problems with no-shows, which they suspected were disgruntled rivals, and at one point would only take phoned-in orders from landlines with the CLI displayed.

Rough: well, it's not Hampstead...

http://maps.google.com/maps?q=52.40902,-1.949317&t=h&sll=52.445204,-1.934183&sspn=0.090618,0.097418&ie=UTF8&ll=52.408637,-1.948743&spn=0.002065,0.004554&z=18&layer=c&cbll=52.40887,-1.949614&panoid=riq78paJoBjQkalP_--miQ&cbp=12,340.53,,0,6.7

From bdm at fenrir.org.uk Fri Aug 21 16:48:29 2009
From: bdm at fenrir.org.uk (Brian Morrison)
Date: Fri, 21 Aug 2009 16:48:29 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <2D65AED9-8931-49CD-99C2-810DE2B1506D@batten.eu.org>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk> <2D65AED9-8931-49CD-99C2-810DE2B1506D@batten.eu.org>
Message-ID: <20090821164829.76cf49a0@peterson.fenrir.org.uk>

On Fri, 21 Aug 2009 16:32:36 +0100 Ian Batten wrote:
> Rough: well, it's not Hampstead...

But you do live on a building site ;-p
--
Brian Morrison bdm at fenrir dot org dot uk
"Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

From lists at internetpolicyagency.com Fri Aug 21 17:07:16 2009
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 21 Aug 2009 17:07:16 +0100
Subject: Removing the CV2 from Credit Cards
In-Reply-To: <2D65AED9-8931-49CD-99C2-810DE2B1506D@batten.eu.org>
References: <39F500C9-C793-4DD3-B2DC-368AEB25808C@batten.eu.org> <4A8EB42B.14166.16F6008@davidh.spidacom.co.uk> <2D65AED9-8931-49CD-99C2-810DE2B1506D@batten.eu.org>
Message-ID:

In article <2D65AED9-8931-49CD-99C2-810DE2B1506D at batten.eu.org>, Ian Batten writes
>They had a lot of problems with no-shows, which they suspected were
>disgruntled rivals, and at one point would only take phoned-in orders
>from landlines with the CLI displayed.

I think that's a basic precaution in any event. But I'm a dinosaur who still has a landline.
--
Roland Perry

From pwt at iosis.co.uk Fri Aug 21 18:00:59 2009
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Fri, 21 Aug 2009 18:00:59 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To: <360238.91313.qm@web52705.mail.re2.yahoo.com>
References: <360238.91313.qm@web52705.mail.re2.yahoo.com>
Message-ID: <4A8ED2CB.9070603@iosis.co.uk>

Glyn Wintle wrote:
> http://www.computing.co.uk/computing/news/2248187/government-proposes-national
>
> The government is consulting on proposals that could see an Oyster-style smart ticketing system introduced nationwide.
>
> The government estimates that a national system that works in a similar manner to London's popular travel smartcard could save as much as £2.6bn per year through improved journey times and faster, more convenient purchasing and issue of tickets.
>
> The proposals could also see mobile phones being used as tickets with pre-pay credit loaded onto them, and cards and systems that would allow instant contactless payment from bank cards.
>
> Transport minister Sadiq Khan said making it easier to use public transport was a key aim of the proposals.
>
> "We know that passengers want quicker journeys and better reliability, and smart ticketing will help us do that," he said.
>
> "We could see the end to waiting in line at ticket machines, while buses could spend half the amount of time sitting at the bus stop waiting for people to board and looking for the right change. In some cases, direct payments may even do away with the need for a ticket at all."
>
> Smart tickets are harder to replicate and can be electronically "killed" the moment they are reported lost or stolen with any remaining balance refunded.
>
> The government envisions operators being able to run their own loyalty schemes and offer ticket types to suit individual customers' needs....
>

Having now read parts of the 134 page report and searched the rest on some key terms, plus talking to a couple of other people also doing the same, the report is a very good tutorial (although at times slightly economical with the information revealed), but doesn't really give us the meat for a strategy because it is naive. However, the press release (quoted above by Glyn) isn't really representative of the massive amount of work done by and for the study team, by both paid and volunteer participants.

I'm not confident that we are anywhere near delivering comprehensive smart ticketing and integrated public transport than we were 11 years ago with John Prescott's White Paper that demanded a 'partnership' between all of the players in this endless concert. We have a unique demography and are towards the end of an aggressive period of privatisation, so we cannot purchase ready made solutions.
Some details at this first scan through the paper:

- Information security per se is not mentioned, and I have not yet seen any indirect reference to the necessity to ensure that it is attained and, with constant vigilance, maintained.
- Data Protection is mentioned, but not addressed with any serious proposals.
- Fraud prevention is not taken seriously, in the sense that there is no section dedicated to a strategy in that area.
- Nothing really serious about governance.

Overall this is more of a descriptive and an aspirational paper than a serious attempt at guiding the UK (or at least England) to a strategy - but, despite that, this paper goes a long way to providing the material with which to confound those who make unfounded assumptions about the environments addressed.

Peter

From signup at bealoid.co.uk Fri Aug 21 22:56:31 2009
From: signup at bealoid.co.uk (signup at bealoid.co.uk)
Date: Fri, 21 Aug 2009 22:56:31 +0100
Subject: Government proposes national smart ticketing strategy
In-Reply-To: <4A8ED2CB.9070603@iosis.co.uk>
References: <360238.91313.qm@web52705.mail.re2.yahoo.com> <4A8ED2CB.9070603@iosis.co.uk>
Message-ID: <20090821225631.188376u65302dag4@webmail01.purplecloud.com>

Quoting Peter Tomlinson :
> - Fraud prevention is not taken seriously, in the sense that there
> is no section dedicated to a strategy in that area.

Bus Ticket machine companies have spent many years and much money making systems that are hard to defraud if you're the bus-driver. Almex Data Systems designed cases that made it hard for drivers to put coins in, thus shorting circuitry, thus meaning they'd need to use hand-written (and thus forgeable) tickets.

I'd like to say "It's big business, they've been doing it for years, they lose money if people defraud them, of course it'll be okay" but I know how naive that is. I get the impression they'll just trust whatever smartcard system is suggested.