Friday, November 23, 2007

David Blunkett should shut up

When the news about the lost disc with 25 million child benefit records initially broke one of my first and instant reactions was that the incident, far from brining ID cards into question would actually be used as a justification for them. This didn't take long to happen and today the former Home Secretary David Blunkett has written to the Times arguing the case in a letter riddled with fallacy and flawed analysis.

The first problem comes when he says that those using the loss of data to argue against ID cards is a "diversion by those who have never wanted ID cards anyway, and who do not appear to have ever understood them". Wrong. The diversion Mr Blunkett is your attempt to dismiss their argument by playing the associative circumstantial man rather than the ball.

Whether someone has always been against ID cards or not is irrelevant when assessing the validity of their argument. Suggesting so is intellectually bankrupt. However it is when we get to his actual "argument" where it all falls apart for Blunkett. He says,
"The database is simply about identity — not about the plethora of information that already rests elsewhere. It will actually make it easier to protect your identity, including in circumstances such as these where information has gone missing. This is because it gives an absolutely robust form of identification that stops other people being able to pretend that they are you, simply because they’ve got hold of some of your personal details. It will allow a proper check to be made between your own biometric and that held on the database, giving greater protection"
Dear Lord! There are least two glaring problems with this argument. Firstly there is the false demarcation being made between ID cards and the HMRC issue on the basis of the content of the database. They are not separate issues at all, because at the core of the HMRC issue (and the core of the ID database) is the weakest point of any system, the user.

The ID database remains a simple database that has human beings entering data on to it. Errors in entry do and will occur as they do with any large-scale system. Data corruption and the consequent data cleansing required are standard operating practices of managing such information systems that contain millions of records.

The point to stress here is what happens to someone's "identity" when data corruption occurs because of entry mistakes? Maintenance mistakes? Hardware failure and subsequent recovery of data? Network outages that mean querying is not possible? Or simply stupid people making stupid requests? Remember that if your biometric data is exposed you cannot apply for a new set.

What happens when you discover that your identity is not protected on the database because as far as the database is concerned - due to cock-up, not conspiracy - you either don't exist or it says you are someone else? What happens when you go to the bank and they say "sorry Sir, you are trying to commit fraud, the Government says you’re lying we’re calling the Police"?

Blunkett's argument here is essentially predicated on the notion that database integrity is 100% guaranteed and that not enough people understand this, he willfuklly ignores the human factor in his consideration. Mr Blunkett, you won't find a DBA or SysAdmin in the world worth their salt that will give you a 100% integrity guarantee on a system. The potentiality of 'garbage in garbage out' alone is enough to ensure that without even considering the other practical realities of administering such things.

The second, and frankly unbelievable claim that Blunkett has made is his use of the phrase "absolutey robust" in relation to biometrics. Absolutely robust? Those are very bold words given the last point made about managing data integrity, but worse still they perfectly illustrate why it is not those arguing against ID cards who don't "understand" but rather the former Home Secretary and his ilk.

The argument is based upon the assumption that biometric data is impossible to workaround forever and ever in the world, the universe and time. Biometric data, for Blunkett, is impervious to fraud. It is impossible to pretend to be someone else ever because of this. This is not just nonsense; it is, to coin Bentham, "nonsense on stilts".

Personally I’m not quite sure if the assumption is dangerous or stupid in equal measure. The notion that because something is considered not possible now it will ultimately remain so is utterly bizarre. That's a bit like a SysAdmin saying "it's impossible to hack my server". It is very simple, nothing that is devised by man cannot equally be worked around by another man who desires to do so.

Whilst it may be science fiction one only has to see the film Gattaca to realise that in a world where biometrics are everything, people will find simple, and frankly elegant ways of getting around the system. Let us not forget that biometric passports have already been hacked. You don't need to fake biometrics to get around the current biometric systems, and when the time comes and someone wants to enough, they will.

Given all the above, I'm not really sure I can pass much more comment on Blunkett's closing words which says,
"That so few people understand this is the problem that government faces in persuading people that such a system will be better then any other, precisely because it will be robust, efficient and verifiable."
Actually I lied, I can pass comment. Mr Blunkett, it is not those arguing against ID cards (for which there are clearly strong political argument too about autonomy of one’s own information) that do not understand the problem. It is you. Basically you're talking bollocks.


Tony said...

Some of the reason why Blunkett keeps harping on about this can be found here:
"Chair of International Advisory Committee to Entrust Inc" entrust being an authentication and encryption software company and are the sort of people who may well get a contract to implement this nonsense.

Old BE said...

The thing which scares me most about the ID database is that it's certain that some people's details will be entered incorrectly, or amended incorrectly and that subsequent queries will result in wrong answers. On a stupid level someone enters that I have green eyes so that whenever I go to the bank they see blue eyes and assume that I am a fraud, or I am flagged up on the system as a debtor when it's the other Ed who should have been marked.

Once we get too reliant on the technology people will lose the ability to make their own judgements, and then when the "computer says no" that will be the end of it.

Mr Eugenides said...

Tony Kennick: indeed.

Blunkett is trousering between £25K and £30K from Entrust, who run several governmental ID card and E-pass schemes, and have formally registered their interest in the British ID card project.

He chooses not to mention that in his letter, I notice.

Anonymous said...

And may I commend you on drawing attention to this rarely mentioned fact, which is that you only have two retinas and ten fingerprints, and once they are gone (as a result of HMRC losing disks, or, perhaps, because you need to present them in a court to prove who you are, whereupon they become a matter of public record) they are gone.

Whereas you can always get a new password - or better, a new (asymmetric) encryption key, of which there are, in principle, an infinite number, and of which none are actually part of your own body.

newcastle pubwatcher said...

You re missing a trick here.

Of course DB will say whatever he needs to in order to promote ID cards. The old darling has a £30k a year consultancy from Entrust.... who hope to provide software for the UK ID card system.

James Higham said...

When the news about lost disc with 25 million child benefit records initially broke one of my first and instant reactions was that the incident, far from brining ID cards into question would actually be used as a justification for them.

Precisely - you're right onto it.

Anonymous said...

Top post Dizzy!

Blunkett just cannot see that he is talking a whole heap of very dangerous nonsense!

It's my ID and I'd like to look after it for myself thank you.

Mulligan said...

Blunkett is just like most of these numpties , any half decent salesman could sell them the IT equivalent of the Yank who bought London Bridge thinking it was the one with the Towers. Politicians only ever think about the headline, never the consequences (as demonstrated by most of recent government policy).

Personally I'd just issue Blunkett an ID card with Stevie Wonder's picture on it, then he might understand the complete bollx he's talking.

Roger Thornhill said...

Blunkett talking bollocks?

Spot on.

Anonymous said...


As I pointed out the other day, John Hutton was talking absolute bollocks about this on Newsnight. His premise was that data on the ID database would be "biometrically ringfenced" and therefore couldn't be "lost" in the same way as the HMRC data.

This leads me to believe that everyone who needs to access the ID database for any reason will be issued with a perfect replica eyeball of everyone on the database. So, for example, when the DBA has to do a back-up, he will have to scan the eyeballs one-by-one to be able to copy the data.

Assuming 60 million records, and 10 seconds per replica eyeball scan, I work that out to be 19 years to do a back-up.

Or maybe he was talking bollocks, and the biometrics data will just be 1s and 0s arranged into bits and bytes like everything else and, as such, will be accessible just like everything else if it were to be stuck on a CD without encryption.

I do hope that the Tories are assembling some plain speaking experts to debunk the crap we are hearing about this.


flashgordonnz said...

Shouldn't this bunch appear on:


El Draque said...

Retina scans are robust, are they? I lost one retina fifty years ago in an accident - my only similarity to Gordon B - so that's half my chances of giving data gone. And if I lose the other - God forbid - then I suppose I don't exist any more?

Anonymous said...

He should certainly shut up. But then so should the flip-flopping Tories who voted for this moronic scheme.

dizzy said...

One of which wasn't me so... oh look.. you have no actual point to make!

Anonymous said...

Some of your readers will be aware of a programme on Discovery (or similar) Channel called "Mythbusters". The 5 presenters take common myths and either prove or bust them using a variety of ingenious tests and experiments. Not long ago they presented the proposition that "it is impossible to break into a safe room which is protected with a biometric thumbprint reader".

They surreptitiously obtained a thumb print from a glass which had contained a drink for another member of the crew and then proceeded to make a synthetic copy of his thumb. Later the print owner, still unaware that the team had stolen his print, agreed to be the guinea pig and had his thumbprint programmed in as the sole approved key for opening the door. I will not go into the details further, save to say they were successful in their endevours and the false rubber "thumb" bearing the guy's print successfully opened the door.
There would thus seem to be a lot of security holes still to be sealed in just about any biometric system. Hollywood comes to real life!

Anonymous said...

To take the retina scan one stage further, re a comment above:

As one ages, retinas can tear without it becoming apparent except under examination.

Does this mean that a security scan will declare your data is faulty?

Patients with retina problems can have retina tears partially rectified by laser treatment, which leads to scarring - again, would this invalidate original scan data?

Anyone out there knows the answer?

SimonW said...

Ben Goldacre describes how to copy fingerprints in his Bad Science column in the Guardian today

Ben Goldacre Bad Science

Perhaps Blunkett ought to read it

Falco said...

"willfuklly" Freudian typo?

dizzy said...