October 2008

ID Card Needed to Purchase Mobile Phones

ID card to Purchase Mobile

Could this be the latest ploy by the UK government to encourage people to adopt the still voluntary National ID Card? Under government plans revealed in October it seems that everyone wanting to buy a new mobile phone will be forced to provide some official form of identification and that appears to mean either a passport or an ID card. This registration data will be stored on a new government database.

In the UK there are about 72 million phones in operation of which about 40 million are prepaid and can be bought over the counter in a supermarket with cash and with no identification of the user. These pay as you go phones are attractive to a broad spectrum of users including unfortunately criminals and terrorists.

These moves are all part of the Data Communications Bill planned for the Queens speech in November although latest rumours suggest that Jacqui Smith the Home Secretary may have put these plans on hold due to the increasing concerns raised by her own officials. The idea is for the government to build a database on all citizens’ activity with the internet or mobile phones, text messages (57 billion in the UK in 2007), eMails (3 billion every day) and internet web activity (much bigger still). As commentators have pointed out this would be the ultimate surveillance state, you could track the location of a target’s mobile phone, then use the DVLA database to get their car registration number, the Police database to track the movement of the car using the automatic number plate recognition system currently installed on all major roads in the UK. And of course you could track all associated people through their mobile phones and have a look to see what they are up to.

Just in case you had forgotten the state can also track a citizen’s activity by their use of financial payment cards, travel cards, close circuit TV cameras (4.2 million in the UK) and their travel records as per the new e-Borders database. It sounds just like a Sci-Fi film from the 70’s yet today this is where we are in the UK and yet we need to know is this a step too far?

If there was a totally trusted body with totally trusted employees, a totally trusted way of accurately acquiring the data and a totally trusted database handling all this data by totally trusted users then I guess few people would complain. In fact the only time you would hear about it is when some criminal or terrorist is brought to judgement or even better when some atrocity has been avoided. The trouble is we don’t actually have any confidence in any of these parameters.

Nobody really trusts the Government and in fact they have arguably badly impeached their reputation by using the terrorism laws to freeze the bank accounts of the Icelandic banks in the UK this month. It makes the actions of local authorities look like trivia in their spying on citizens to check their dog walking habits and to see where they are habiting/cohabiting or what have you in terms of rights for schools placements. This is not a good start for a new national database.

Does anybody seriously believe you can have totally trusted employees? Whether for personal gain or to protect their current status or possessions people can always be motivated to take unlawful actions. Remember the 600 people disciplined in DWP for having a look at records not required as part of their work tasks, similar things are known to happen in the NHS and probably just about any other office you can think off – the tax office for example. It doesn’t stop there because people also make mistakes (yes, all of us) which can lead to the compromise of confidential data. It’s now almost a daily occurrence to see who the latest guilty party is. Not only the government off course but often their advisors, PA Consulting, EDS and Deloittes have all recently made the front page with lost laptops, disks or memory sticks.

Then you have the matter of accurately and securely acquiring the registration data. Now with ID cards and e-Passports there are biometrics designed to stop multiple and false applications. The trouble is that this doesn’t work too well in the field when you don’t do a similar biometric check because bogus cards or passports will not be detected particularly when the terminals are incapable of checking the digital signatures. I can’t imagine the local supermarket having a biometric reader in order to sell a mobile phone. And one thing you can bet on is that criminals and terrorists will be the experts at knowing how to get by with false identity documents.

Advertise Here

Email: info@smartcard.co.uk

In terms of the security of the database itself and more particularly the access control to the data in the database. If you have a large number of authorised users then you immediately have a problem controlling authorised access. One imagines that for this sort of planned database there will be a large number of users across multiple departmental/organisational boundaries. Perhaps we could mandate 2 Factor authentication, a good use of smart cards and one that we might well expect to see on the increase. But then we have yet another registration problem of identifying the users and managing the authentication system and its database, no mean feat.

In fact we can almost certainly conclude that any database of this scale with its myriad of users is going to result in breaches to user privacy. Worse it may even be by design, the deep packet content filtering system being tested by BT (PHORM) as part of a new targeted advertising scheme is sort of in the middle of all of this, look at what the user is doing on the internet and target the advertising accordingly – pretty invasive stuff particularly if you can’t opt out.

So the question is will all this really happen? Well it has already started with GCHQ reportedly being given £1 billion to set up a network of black boxes on the internet to monitor traffic with total project costs estimated at £12 billion. Remember ECHELON, the signals intelligence collection and analysis system developed under the UK-USA Security Agreement to monitor fax, emails and other data communications. Apparently this was not capable of really doing the job and that this new approach is designed to correct the shortcomings.

As for the new National Database well that seems less likely, I can’t imagine the privacy bodies letting this one go by without a fight.





Whitepapers

19/05/2019 Headlines

Belfast Council Launches its Own Digital Currency

The authority has worked alongside Israeli tech firm Colu to create Belfast Coin, a virtual currency that will launch across the Northern Irish capital later th.....Read More

Android Pioneer HTC Stages Retreat from China

HTC is pulling its smartphones from two of China's largest online marketplaces, raising concerns about the brand's future.

The firm was the first to sell.....Read More

eBay Could Start Accepting "Virtual Currencies," Leaked Pics Suggest

If true, the eBay integration could open the floodgates for mainstream adoption of digital currencies. eBay currently has more than 180 million registered users.....Read More

Bank of England Calls for 'Super Shield' Against Cyber Attacks

Britain may need to copy the United States in building a "super shield" against catastrophic cyber attacks or major IT glitches that could cripple the finance i.....Read More

Lawsuit Accusing Apple of Unfairly Dominating Mobile App Sales Will Proceed

The U.S. Supreme Court, in a narrow 5-4 decision written by Justice Brett Kavanaugh, ruled that a consumer lawsuit challenging Apple Inc.'s dominance of mobile .....Read More

Cryptocurrency Exchange Cryptopia Halts Trading and Announces it is in the Process of Liquidation

Cryptopia, a cryptocurrency exchange headquartered in New Zealand, has halted trading and announced that it is now in liquidation.

In January, the exchan.....Read More


Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication