Identity Cards
There’s a few things that have been bugging me about the proposals for a new UK National Identity Card. Obviously there’s the major one that it’s a bad idea and won’t work, but I think I can be more specific than that.
You can read more than I care to write about the matter at The Register, but there’s two major points I want to make.
- The Government has lied. They held a public consultation on ID cards last year, and published the results. I quote:
> What was learned from the consultation exercise?
>
> 11. Individual responses, sample surveys, and polling results have demonstrated substantial support for an identity card. Of the 5000 people and organisations who responded formally to the consultation, 4200 expressed a view. Over 60% of these were in favour. We also received over 5000 e-mails from an organised opposition campaign. Over 96% of these were opposed.
The “organised opposition campaign” they mention is stand.org.uk. The government decided to ignore all 5000 of these opinions and claim that, overall, people were in favour of the proposals. This pisses me off, mainly because what’s the point of having a consultation if you’re going to ignore the results, but also because I was one of those 5000 e-mails, dammit! How dare they ignore my submission to the consultation!
- My basic position on ID cards is “In general, it’s a bad idea, more so if you cock up the implementation”. Unfortunately the implementation being proposed is a complete foul-up. Basically, each card will have two biometrics on it, a primary (probably fingerprints) and secondary (probably facial geometry). If you were clever, you might think “hang on, didn’t David Blunkett say this would ‘make identity theft and multiple identity impossible, not nearly impossible, impossible’? If my fingerprints are stored on this card, what happens when someone nicks it? They’ve just stolen my identity, right? It’s not like I can report my fingerprints stolen and get a new set”. You’d be right, too. A system like that (such as the government proposes) would make identity theft easier, as well as more damaging when it happens.
There is a way around the problem though, which at best leaves the possibility of identity theft as likely as it is today. It’s what a lot of clever people assumed the government would do. It’s called secure cryptographic hashing.
Simply, when you go to have your fingerprints taken to get your card (try to put the slightly Orwellian picture this conjures out of your mind for a minute), the government doesn’t actually store your fingerprints themselves. What it does is produce a cryptographic hash of your fingerprints, a one-way mangling of them, and stores that instead. If the bad guys then nick your card, all they get is a meaningless number. “But if all you’ve got is a meaningless number, how can you use it as an ID card?”, I hear you ask. Well, the readers at airports, job centres etc. would also produce hashes of the prints they take, and instead of comparing the fingerprints, they compare the hashes. This means that they can verify your identity (which is what the cards are for, right?) without actually having to store your fingerprints on a scary national database. And of course, if your card is nicked, you just regenerate a new hash, and use that to authenticate from then on.
The failure of the government to implement this safer system worries me. It’s not like they weren’t told to - privacy campaigners submitted reports to the consultation explaining in painstaking detail what the correct, safe way to do this kind of stuff is. But they’re being ignored, and that is very very troubling. Why does David Blunkett want to know what your fingerprints are? He still hasn’t answered that…
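The hash-and-compare scheme described above, sketched as an added example (not code from this post or from any government proposal). The per-card random salt, the `registry` of currently valid hashes, the `(x, y, angle)` template format and all function names are assumptions made for illustration. The sketch also assumes the reader produces a bit-identical template on every scan: the constructed re-scan that differs by one unit is rejected, which is what exact-match hashing implies.

```python
import hashlib
import hmac
import secrets

def _digest(minutiae, salt):
    # Deterministic serialisation so the same template always hashes the same.
    blob = ";".join(f"{x},{y},{a}" for x, y, a in sorted(minutiae)).encode()
    return hashlib.sha256(salt + blob).digest()

def enrol(holder, minutiae, registry):
    """Issue a card holding a fresh salt and the salted hash, never the print."""
    salt = secrets.token_bytes(16)
    card = {"holder": holder, "salt": salt, "hash": _digest(minutiae, salt)}
    registry[holder] = card["hash"]  # only the most recent hash stays valid
    return card

def verify(card, scanned, registry):
    """Reader side: hash the live scan with the card's salt and compare hashes."""
    current = registry.get(card["holder"], b"")
    live = _digest(scanned, card["salt"])
    # compare_digest avoids leaking how many leading bytes matched.
    not_superseded = hmac.compare_digest(current, card["hash"])
    scan_matches = hmac.compare_digest(live, card["hash"])
    return not_superseded and scan_matches

# Constructed sample templates: (x, y, angle) minutiae points.
ALICE = [(12, 40, 90), (55, 18, 135), (70, 77, 30)]
MALLORY = [(9, 44, 10), (51, 20, 200), (68, 80, 45)]
ALICE_RESCAN = [(12, 40, 90), (55, 18, 135), (70, 78, 30)]  # one point off by 1

def demo():
    registry = {}
    old = enrol("alice", ALICE, registry)
    results = {
        "owner_accepted": verify(old, ALICE, registry),
        "thief_rejected": not verify(old, MALLORY, registry),
        "noisy_rescan_rejected": not verify(old, ALICE_RESCAN, registry),
    }
    new = enrol("alice", ALICE, registry)  # card reported stolen: new salt, new hash
    results["old_card_revoked"] = not verify(old, ALICE, registry)
    results["new_card_accepted"] = verify(new, ALICE, registry)
    results["hashes_differ"] = old["hash"] != new["hash"]
    return results

if __name__ == "__main__":
    print(demo())
```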