Thread: OT ... ID cards
View Single Post
  #223   Report Post  
Mary Fisher
 
Posts: n/a
Default

"Stefek Zaba" wrote in message
...

So, to expand this out for the hard-of-reading.

Despite the mildly offensive nature of that comment I read on -because I
respect your opinions among some others.

Currently, it's impractical to conduct mass surveillance of 'ordinary'
people. People have different identifiers in different databases - your
loyalty card number in one, your NHS number in another, your employee-ID
in a third, and so on.

The national all-embracing census perhaps - with all those Jedi ... No, I
didn't have the wit to say that but I did write "irrelevant" on the race
question. There was no come-back, sadly.

That limits the amount of information which any single bent insider can
gain - i.e., someone whose job gives them authorised access to the
information on one database, and is willing to take a peek at someone's
data for 50-100 quid. You'd have to really *want* the information to slip
tens of people that sort of money, sort out the false hits between them,
and so on. The State may have the resources to get the necessary access in
'extreme' cases, and most of us would want it to; even the State doesn't
have the resources to do it routinely.

Behind John's two words 'not connected' are two deep, and distinct,
concepts.

Your understanding is deeper than mine.

Firstly, they're not connected at the 'operational' level: that means
someone whose job gives them access to one database - the car registration
database, say - doesn't have access to medical information. Nor do the
computer systems which query or update the database have access to those
other databases.

Wouldn't it be more convenient in some cases to have that information?

And in the case of the car reg. database, it has some medical information on
me and on Spouse and I'm sure we're not unique.What's more, it doesn't worry
us and that's the main basis for my lack of worry about an ID system, we
have nothing to hide. I know I've said it before but people do keep trying
to prove that we have - or might have. We don't. I have a personal attitude
to this, I know that it isn't shared by others, the same applies to all
sorts of other things I care about, don't care about oram neutral about.

Secondly, they're not connected at the 'logical' level, precisely because
there isn't a reliable, common identifier for the 'same' thing across
them. Where that 'thing' is a person, they've got a different 'unique
within this database' identifier, as mentioned above (loyalty-card number,
NHS number, employee number). Their 'human readable' name will vary: it
may be Elizabeth R Windsor in one, Liz Windsor in another, Elisabeth
Winsor in the third. For reliable 'linking', a common identifier - as the
National ID Register intends to introduce - is all you need: it's then
irrelevant whether you have one big database or lots of little ones, as
the common identifier allows the information in each one to be reliably
associated with the same person. And it allows whoever's paying the bent
insider to be sure they're getting details on the right subject - not just
someone with a similar name.

You're assuming that there WILL be bent insiders. Worse, I suspect, that
there will be no check on such bent insiders.

John then points out that having these 'multiple, incompatible distributed
and non connected databases' acts to 'limit the scope of an error'. This
is what he means: if there's information which is wrong on one or two of
them, it only affects the uses to which those one or two databases are
put. So, if your hospital, gas supplier, and corgi-appreciation-society
all show your address as being 'The Castle, Windsor', your post reaches
you at that correct address from all those organisations. If the Dunkirk
Veteran's Association database misrecords your address as 'Castle Drive,
Staines', only that bit of post goes missing, and when you notice you
haven't had the newsletter and invitation to the annual dinner-dance, you
convince just that one organisation to fix their records; sometimes,
showing them a copy of your gas bill and corgi-soc post, showing the right
address, can help.

I believe that there still would be ways of amending information on the
proposed ID system. Don't ask me how I know, I don't know,I said I believe.

I have not much faith in politicians but I do believe that the system won't
be worked by politicians but be people like you and me, civil servants if
you like, who mostly care about getting things right because it makes their
job easier. I have a son and a daughter in different branches of the civil
service and they despair at the lack of common information about the people
they deal with, it would make them able to do their jobs more efficiently if
there were more.

Once you've a single point of change, an error affects *all* of your
interactions with *all* of the many organisations who decided it would be
Efficient to use that single point as the Right And Proper way of getting
your address. On the plus side, this means you notice errors quicker, and
have more incentive to keep it up to date; on the minus side, the effects
of an error are greater, and it can be harder to get the bureaucracy to
fix them.

You see, Stefek, that's the kind of assumption I rail against. How do you
KNOW that it can be harder to get bureaucracy to fix things? Or that errors
will be more widespread than they are on other databases anyway? I believe
that there will be checks.

Within one organisation, it's worth having a 'single', authoritative point
of change - you'd want, say, Amazon to not have different databases for
their shipping department, their billing department, and their
mailing-out-special-offers department (note, though, that you *do* want
their one database to allow you to specify a different address for a
particular delivery (gift to a friend), for your bills (usually home,
please, but to an employer's or client's address for a particular
purchase)). Across all of your dealings as a citizen or resident of the
UK, though, it's a lot less clear that the advantages of a single point of
change outweigh the risks: and that's one of the pieces of analysis which
simply hasn't been published, whether or not it's been done.

Subjectively speaking (which is all anyone can do) I'd welcome not having to
key in data or fill in forms or repeat information every time I want to
order something, renew something or book an appointment. But whenever I take
any of those actions, or receive confirmation,there's always the request for
confirmation of my details.

Somewhere we have to have trust.

At the moment there are severe restrictions on the data we can keep on
others, I've just realised that the way I keep some information about others
is illegal. If they want to get me for it so be it, no-one's hauled me off
yet and there's no reason why they should. If I MISUSE that information
that's a different matter of course.

Once the databases are 'connected' - whether 'operationally' (the
computers that run them actively swapping information) or 'logically' (one
shared personal identifier across lots-n-lots-n-lots of databases), the
kind of 'mass surveillance' which is currently impractical becomes
practical. It becomes practical for the merely nosey, busybody, vigilante,
weirdo-stalker types, who can now feasibly (pay somebody to) look up the
details on the now-linked databases.

So it will be easier and cheaper to do something they can do now. Not, in my
opinion, a greater 'threat' than is already there.

And it becomes practical for government departments to design ever more
'joined-up' systems, which more and more tightly restrict what it is to be
'normal'.

Why should they restrict it? They don't now.

The richer you are, the less this matters - you can opt out of many Govt
services, you can indulge your little privacy foibles; the more you're an
'ordinary hardworking family', the more it's in your economic and
convenience-of-living interests to simply conform.

Lets face it, most people conform anyway, they only want an easy life. I'm
one of the world's oddballs in my lack of conformity and I STILL don't get
into trouble. Do you think I would with an ID system? I think that those
whose jobs are to ensure the welfare of the country are only intent on
enforcing conformity on those who cause trouble.

Moving by unexamined apathy into that sort of society upsets me:

I think that apathetic isn't a word anyone who really knows me would apply
to me :-)

it seems to me that (a) you

Me personally??

should establish a strong genuinely-informed consensus that 'most of us'
really do want to live that way;

Perhaps those who don't want it need to do the same - without the hyperbole
which has been exhibited in this thread..

I believe that a referendum has been talked about, which still means that
(probably) a majority of people won't be happy :-)

and (b) that you need to make some genuine provision for the 'rest of
them', who don't. The tolerance for eccentricity, self-determination, and
each citizen having their own weird ways of *not* conforming - whether
it's Morris-dancing, thinking that what Chris de Burgh produces is music,
urban chicken-keeping, or building barbeques out of emptied propane
cylinders - is the single most attractive aspect of living in the UK.
(Note the crafty link to both uk and d-i-y there ;-)

Oh come on! You're surely not suggesting that those freedoms will be stamped
on?

Also don't forget the new scope for data mining exercises correlating
your innocent behaviour to that of a known problem groups.

John's already explained what 'data mining' means - it's looking for
patterns in the data that's held about a Thing (a person, say, or a car)
to find Interesting New Patterns from which Interesting Conclusions can be
drawn.

Why should the State want to do that?

The uses of this technique are legion. For example, a supermarket might
find that people who often buy nice, hand-made pasta also buy fancy olive
oil (unsurprising) and travel magazines (less obvious), and decide to put
together some Targetted Promotion.

Amazon already does that, it's quite useful :-)

Or your credit card company finds that a long period of disuse followed by
repeated mid-value purchases indicates fraud

That already happens with some bank accounts and it certainly does on one of
my credit card accounts. I appreciate it.

- great if your card's nicked and the unauthorised spending's brought to
your attention early, not so great if you've been holding off spending
until having all the grandchildren over for your 75th birthday for which
you're buying them each a pressie.

No problem, they check, ask if you've done it, you say yes and that's it.
I've done it - not for that purpose mind you, I've no intention of buying
them presents on MY birthday :-)

Because data mining produces only 'correlations', its 'predictions' aren't
'certain'. This doesn't matter much if it makes your marketing just
'rather' better, so 'only' 88% of your mailshots are ignored, instead of
94%. It matters a bit more if your spending/activity patterns match those
of some rightly-suspect group (e.g., you're a foreign-named keen d-i-y'er
and planespotter who spends lots of time buying military surplus gear and
travelling to airports), and the resulting Enquiries turn neighbours and
colleagues against you...

With neighbours and colleagues like that ... Although I know people who do
all those things (not necessarily at the same time) and they don't attract
any kind of attention. Even the ones who collect tanks.

Hope that helps round out John's pithy comments... Stefek

Well, it demonstrates your interpretations of them, which might well be the
same as his intentions. But it still doesn't mean that your fears are bound
to happen. No more than what you see as my 'complacency is justified.

Thanks again,

Mary



Reply With QuoteReply With Quote