Links

Apparently, ID cards will not be compulsory after all. Also…

Mr Johnson even admitted the suggestion the cards would help combat terrorism was exaggerated as he accepted the Government should never have allowed “the perception to go around that they were a panacea for terrorism”.

No, really? Anyway, the thing that amuses me is this

It will remain compulsory for foreign nationals staying the UK long term to have an ID cards but Britons will only have one now if they request it.

OK, so when I get stopped in the street, how do I prove that I am not a foreign national staying long term?

Share This

The government has quietly launched two quite fascinating initiatives. I have no idea why there wasn’t more fanfare. I was even at OpenTech, where one was announced, and I didn’t know!

Firstly, Show Us A Better Way

Ever been frustrated that you can’t find out something that ought to be easy to find? Ever been baffled by league tables or ‘performance indicators’? Do you think that better use of public information could improve health, education, justice or society at large?

The UK Government wants to hear your ideas for new products that could improve the way public information is communicated.

And 20 grand for the best ideas, too.

Secondly, The Public Sector Unlocking Service (Beta). I love that they put “Beta” in there. Tell them about crown copyright data some bureaucrat is hoarding, and they’ll read them the riot act. Awesome.

Share This

It seems like a long time since I spent a very long afternoon (and evening) observing the electronic count of the London Elections. Yesterday, the Open Rights Group released its report on the count. The verdict?

there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters’ intentions.

There was lots of nice machinery and pretty screens to watch, but in my view three more things were needed to ensure confidence in the vote.

• A display that showed (a random selection of) ballots and the corresponding vote recorded automatically.
• No machines connected to the network that could not be observed.
• A commitment to the vote (I mean this in the cryptographic sense) after which a manual recount of randomly selected ballot boxes.

The last point is technically tricky to do properly, but I think it could be achieved. For example, take the hash of each ballot box’s count, then form a Merkle tree from those. Publish the root of the tree as the commitment, then after the manual recount, show that the hashes of the (electronic) counts for those boxes (which you would have to reveal anyway to verify the recount) are consistent with the tree.

Share This

The Guardian has a nice article about Wikileaks today. This was triggered by bizarre behaviour on the part of Bank Julius Baer’s lawyers, Lavely and Singer (“Attack Dogs of L.A. Law”), who asked Wikileaks to remove documents without specifying what documents or who their client was and then got an injunction to have the wikileaks.org domain deleted.

The documents are still available, of course.

One thing I should correct, though. The article says

Those behind Wikileaks include … Ben Laurie, a mathematician living in west London who is on the advisory board.

I’m not a mathematician (any more), and I’m not behind Wikileaks. I think its a good idea, and I did comment on an early design for the technical infrastructure (which, I must say, was cool), but I am otherwise uninvolved. Everyone thinks this is just a cunning ploy to distance myself from it, but really, its true.

Share This

Isn’t it amazing that politicians have so little respect for their electorate that they are quite willing to say things like this?

Telecommunications Minister Stephen Conroy says new measures are being put in place to provide greater protection to children from online pornography and violent websites.

“Labor makes no apologies to those that argue that any regulation of the internet is like going down the Chinese road,” he said.

“If people equate freedom of speech with watching child pornography, then the Rudd-Labor Government is going to disagree.”

I’m sure there’s no need to explain yet again why the Australian idea that they can filter the ‘net is doomed. But what does need some explaining, in my view, is why Conroy thinks he can get away with equating “protecting children from online pornography” and “watching child pornography”? Why have journalists become so passive that they will happily quote such nonsense without any inclination to do some actual analysis of the “news” they so mindlessly quote. It’s no wonder traditional media are in fear of the blogosphere.

Share This

The government waited nearly a month before revealing that they had lost personal data on 25 million UK citizens. Presumably they could have waited forever if they’d thought they’d get away with it.

If you agree that there ought to be a law obliging organisations to reveal such breaches, then the petition for you is right here.

Share This

I listened to Shirley Williams today speak about the identity card on the always excellent “Any Questions” program on Radio 4. She is not a fan. First of all she made it clear that she believed the LSE’s estimate of the cost, at £19 billion, rather than the government’s, at £5.6 billion. But then she got really quite outspoken

I think the ID cards are much more serious than people realise … the absolute key thing, and I can’t stress this enough, is that the level of data that the government proposes to collect under the ID bill … adds up, in my view, to a Big Brother scheme of the most terrifying kind.

Because it is so expensive our government will sell our data to commercial interests

It will be a record of where you’ve been, what you’ve done, who you’ve talked to, and I think its a terrifying scheme and I’m another person who’s prepared to say I wouldn’t cooperate with it in any way at all (lots of applause)

When asked if she would court jail in her resistance to ID cards, she responded

Of course … My view is that the identity card will undermine individual civil liberty so seriously that one is entitled to say that one won’t cooperate with it. I have not suggested I would use violence, I am suggesting I wouldn’t cooperate with it, nor will I.

Yes, yes, Shirley, but there’s no need to beat about the bush – tell us what you really think!

I wonder if Shirley supports No2ID?

Share This

In 1869, John Stuart Mill wrote “On Liberty”. My attention was drawn to it by a young adult of my acquaintance who had been set it for homework. Its a fairly long essay, but it can really be summarised by this paragraph

But there is a sphere of action in which society, as distinguished from the individual, has, if any, only an indirect interest; comprehending all that portion of a person’s life and conduct which affects only himself, or if it also affects others, only with their free, voluntary, and undeceived consent and participation. When I say only himself, I mean directly, and in the first instance: for whatever affects himself, may affect others through himself; and the objection which may be grounded on this contingency, will receive consideration in the sequel. This, then, is the appropriate region of human liberty. It comprises, first, the inward domain of consciousness; demanding liberty of conscience, in the most comprehensive sense; liberty of thought and feeling; absolute freedom of opinion and sentiment on all subjects, practical or speculative, scientific, moral, or theological. The liberty of expressing and publishing opinions may seem to fall under a different principle, since it belongs to that part of the conduct of an individual which concerns other people; but, being almost of as much importance as the liberty of thought itself, and resting in great part on the same reasons, is practically inseparable from it. Secondly, the principle requires liberty of tastes and pursuits; of framing the plan of our life to suit our own character; of doing as we like, subject to such consequences as may follow: without impediment from our fellow-creatures, so long as what we do does not harm them, even though they should think our conduct foolish, perverse, or wrong. Thirdly, from this liberty of each individual, follows the liberty, within the same limits, of combination among individuals; freedom to unite, for any purpose not involving harm to others: the persons combining being supposed to be of full age, and not forced or deceived.

In other words

• Think what you want.
• Write what you want.
• Do what you want, so long as it does not harm others.
• Be with who you want.

These seem self-evident to me. How have we managed to move so far from these basic principles?

Share This

Apparently the government wants to know about “risks to children from exposure to potentially harmful or inappropriate material on the internet and in video games”.

As soon as people start talking about potential harm, alarm bells start ringing. This phrase, repeated ad nauseam throughout the consultation, suggests to me a willingness to accept opinion and hearsay in lieu of hard evidence. And that, in turn, suggests to me that the conclusion of the consultation is foregone: the Internet is “potentially” harmful, as are video games, we should do more to protect vulnerable children, censorship is good, regulation is good, liberty is bad, free thinking is bad. You read it here first.

The Open Rights Group are planning to submit a response – if you’d like to help form that response, your comments are welcome.

Share This

EU Justice and Security Commissioner Franco Frattini joins the ranks of the terminally deluded

I do intend to carry out a clear exploring exercise with the private sector … on how it is possible to use technology to prevent people from using or searching dangerous words like bomb, kill, genocide or terrorism

Do you, indeed? Of course, this is going to make a huge difference: Hitler would never have killed all those Jews if we’d managed to stop him Googling for “genocide”, after all, so I can totally see your reasoning here.

I really like that he wants to stop us even using these words. When will they be struck out of dictionaries? And all the books they appear in?

Hmm, if we can’t say “genocide” does that mean that we’ll all be forced to deny the Holocaust? Isn’t that actually a crime in some EU countries?

Share This

The Open Rights Group released its report on e-counting and e-voting in the recent elections. Executive summary: it didn’t work very well.

Incidentally, ORG is looking for board members, as some of the incumbents (e.g. me) are moving over to the Advisory Board. The deadline is June 22nd.

Share This

I recently attended a conference on “Respecting Privacy in Global Networks“. One of the talks was about road usage charging – the general idea being that instead of paying a flat fee related to your vehicle type, you pay for the roads you actually use. Of course, the obvious ways to implement this (either using a GPS to log a trail to some kind of secure device which is periodically examined to determine fees, or by collecting car details with roadside receivers) are stupendously privacy invading.

But, it occurs to me, we have the technology at our fingertips to make this system anonymous (except for defaulters) quite easily. All we need to do is fit cars with a device that can spend anonymous digital cash as they pass checkpoints. Cars that don’t fork out get their numberplate photographed. Obviously you have to back this up with legislation that forbids checking numberplates except on defaults but that seems easy enough.

Of course in London we should have this system for congestion charging, which already monitors everyone’s movements.

Share This

The Royal Academy of Engineering has published an almost sensible paper on privacy and surveillance. They get off to a good start

There is a challenge to engineers to design products and services which can be enjoyed whilst
their users’ privacy is protected. Just as security features have been incorporated into car design, privacy protecting
features should be incorporated into the design of products and services that rely on divulging personal information.

but then wander off into cuckooland

sensitive personal information stored electronically could potentially be protected from theft or misuse by using digital
rights management technology.

Obviously this is even more loony than trying to protect music with DRM. Another example

Another issue is whether people would wish others to have privacy in this arena – for example, the concern might arise
that anonymous digital cash was used by money launderers or terrorists seeking to hide their identity. Thus this
technology represents another dilemma – should anonymous payment be allowed for those who wish to protect their
privacy, or should it be strictly limited so that it is not available to criminals?

Riiight – because we have these infallible methods for figuring out who is a criminal.

Also, as usual, no mention whatever of zero-knowledge or selective disclosure proofs. But even so, better than most of the policy papers out there. Perhaps next time they might consider consulting engineers with relevant knowledge?

(via ORG)

Share This

The government is running a consultation on its e–Government framework for Information Assurance. The thing I find most disappointing about it is the complete inability to see beyond identification as a means of access control. I believe it was at PET 2005 that someone claimed that an analysis of citizens’ interactions with government in Australia showed that in over 90% of cases there was no need for the individual to be identified – all that was needed was a proof of entitilement. This can be achieved quite easily even using the kind of conventional cryptography the framework advocates, though this will still allow a citizen’s interactions to be linked with each other – which we all know is not desirable. Even better to use zero knowledge or selective disclosure proofs, as discussed ad nauseam in this blog. Yet, despite this, there is not a single mention of any access control method other than complete identification.
If you do nothing else, I encourage you to make this point in any submission you make.

Share This

They don’t work, they cost an arm and a leg, and they create a surveillance state. In short.

Share This

I’ve been widely quoted as saying

“I would not trust my life or even my liberty to Tor”

in a New Scientist article on WikiLeaks. I said this because low-latency systems such as Tor are susceptible to traffic analysis by a strong adversary (such as, say, a government). If I were a dissident in a country with an evil government I would not rely on Tor to protect me from that government. Actually, I should rephrase that: if I were a dissident I would not rely on Tor to protect me.

This is not to say WikiLeaks expects you to rely on Tor, I was commenting in general about the security of Tor, not about the security of WikiLeaks (in the absence of a detailed design, I can’t comment on that).

Share This

I suspect WikiLeaks is going to be all over the web tomorrow, if it isn’t already.

WikiLeaks is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis … We aim for maximum political impact; this means our interface is identical to Wikipedia and usable by non-technical people. We have received over 1.1 million documents so far.

Google it!

Of course, the naysayers say it might be used for evil, and so it shouldn’t exist. The naysayers need to think about the terribly negative social impact of other tools that might be used for evil, like the pencil.

Share This

Business Week has an article about the consequences of “medical identity theft”

When Weaver was hospitalized a year later for a hysterectomy, she realized the amputee’s medical info was now mixed in with her own after a nurse reviewed her chart and said, “I see you have diabetes.” (She doesn’t.) With medical data expected to begin flowing more freely among health-care providers, Weaver now frets that if she is ever rushed to a hospital, she could receive improper care—a transfusion with the wrong type of blood, for instance, or a medicine to which she’s allergic. “I now live in fear that if something ever happened to me, I could get the wrong kind of medical treatment,” she says.

So, one of the things NHS Spine enthusiasts keep trying to sell us is how access to all this information will benefit us. Unless its someone else’s information, that is, in which case it might kill us instead. Until the Spine gives me a way to control the information it holds, I won’t be able to trust it.

Share This

I wrote recently about the EU claiming Linux video was illegal. When I wrote that, I also asked them why they thought that. Apparently it was a statement made in error, so they have revised the FAQ.

On which platforms can I view the live streaming media service of the Council of the European Union?
The live streaming media service of the Council of the European Union can be viewed on Microsoft Windows and Macintosh platforms.

OK, so now its not illegal, what possible reason could they have for not supporting free software? I’ve asked.

Share This

My ex-MP, Clive Soley, has a blog. In it, he displays his usual grasp of the important issues

Fine Dan. You opt out of the NHS system as is your proper right but don’t blame me if in an emergency you don’t get the right treatment quickly enough because they have to ask permission to get your record when your unconscious!

Anyone who has looked into this even a little bit knows perfectly well that A&E aren’t interested in your medical history, apart from any that’s drastic enough to make you carry a warning about your person. For which, of course, a central database is totally not required. Incidentally, I wrote to my GP asking her to opt me and my immediate family, which she did without any fuss (see “Big Brother Knows Best“).
In the same post, amazingly

DNA. Any state system of collecting information is always a balance between the usefulness of the information to the individual (see above) and to society and those aspects have to be set against any dangers to overall freedom. As I have already said collection of DNA seems to me to be fairly easily justified.

The advantages are :

1. A very useful way of avoiding some of the wrongful convictions we have seen in the past:

2. A strong deterrent for crimes of extreme violence especially rape and murder:

3. A way of increasing the speed at which an offender can be caught – think how many murders and rape cases in the past could have been cleared up quickly before further offences could be committed.

Funnily enough, there’s no corresponding list of disadvantages.

It reminds me of the one time I interacted with him as my MP. I wrote to him about trespass, which was, at the time, to be criminalised. His response? “Law-abiding citizens have nothing to fear”. Apart, that is, from the ones that were law-abiding yesterday and are criminals today. He also went on to respond to a number of points I had not raised, presumably because I was being fobbed off with a form letter for a campaign that was running at the time.

Share This