Thread: OT ... ID cards
View Single Post
  #283   Report Post  
John Rumm
 
Posts: n/a
Default
Mary Fisher wrote:

Your reply was far too long for me to answer in detail at a time when I'm
getting on with my little life - Monday is washing day you know. But since
everyone needs a hobby and although you say that you're short of time you've
spent a lot of it on just this one post I did what seems to be common on
Usenet and picked out a couple of things to answer.

Fairy nuff... (a good amount of the post was a cut'n'paste from a gov
web site though which did not take me long ;-). Forgive me if I do the
same (not answer everything that is, not do the washing!).

Well look at it this way. Would a criminal be able to impersonate you to a

No. We shred and compost non shiny paper, you should have expected that :-)

Aha, the plot thickens...

I have obviously been reading some of your statements about having
"nothing to hide" and not caring who knows your personal information a
little too literally.

You demonstrate here that you do care, and you do take (very sensible
IMHO) steps to "hide" personal data that could be of value to criminals.

Are you aware of the implications of hiding nothing?

There haven't been any problems so far. In that historical context I'm
happy to continue.

This is what threw me... sounds like we have conflicting understanding
of "hiding" stuff. Responsible management of waste paper containing
personal data I would count as "hiding" something.

(same goes for wiping / destroying old hard drives prior to disposal)

I would agree with you, money is not that important. I rate it about level
with oxygen. If you have enough it ceases to matter.


Trite. I might as well say that if you don't have money you have no money
worries.

You may find the local butcher has a different viewpoint as you exit
with next weeks roast in exchange for nothing but gratitude ;-)

Perhaps because over the last six month period your[1] spending pattern
had changed and you started to run up large debts that you did not repay.

Of course you did not notice this because it was not you doing it.


You underestimate me. Ever heard of on-line banking? Ever heard of being
able to check your account at any time? We don't rely on paper statements.

Yup I know online banking. Again I was illustrating just one way people
can be vulnerable to the work of ID thieves.

You will pardon me if I don't expand on the technicalities, but there
are ways the exact same technique could be deployed against on online
banking service as well.

There is a principle in computer security and cryptography you can
summarise as "know your enemy" - in otherwise you have to make an
assessment of how much effort an attacker is willing to place into
compromising a system, and what resources they have at their disposal.
The rules change depending on whether your attacker is a bored teenager,
or a foreign nation's security service!

I'm beginning to wonder if you've done this yourself, it's so carefully
thought out.

Did not take much effort to think up... not sure what you can read into
that. Engineers have devious minds perhaps!

Perhaps you have but we haven't. We don't overdraw. Credit accounts are paid
by DD, in full. As are all utility bills. We have no debts, none.

That doesn't mean, by the way, that we are wealthy, it means that we don't
spend more than we can afford. Ever. If we can't afford something we do
without - but as I've said ad nauseam we don't want anything we don't need
and we have everything we need.

Very wise I might say... (no fan of debt myself). I like CC cards for
the security they bring to some classes of purchase however. I am a
little less trusting on the DD front since I like to have a little input
into the settling up phase to catch any mistakes sooner.

If you're replying directly to my post and my words what other
interpretation is there?

Tis the thing about usenet, if its not a new thread then it must be a
reply to a post...

I don't want 'flexibility'. I don't know how basic transactions can cost
more.

You may be aware of the rating systems that banks use to score the
desirability of their customers (some seem to use a fruit scale (i.e.
apples, pears etc) for some reason). Depending on which fruit you have
associated with your account will dictate how hard they will work to keep
you as a customer. This can range from not at all (i.e will actually seek
to upset you in the hope you take your business elsewhere - bills for
anything and everything - take it or leave it), to bending over backwards
to retain your custom (i.e. everything being negotiable).


They seem to do that with us, for what reason I don't know, our income is
very low, our activity fairly high, they can't make much profit on us! They
could exist without us and we without them.

Perhaps you are a "safe" customer from their point of view. Perhaps
their data mining exercises have shown you have a good correlation to
customers who are likely to make use of some of their more profitable
services at some point in your life... will writing, releasing equity in
property for long term care arrangements etc (not saying you (as in the
actual "you" in this case) will, but such is the non precise nature of
data mining). Might just be good ole, customer service and loyalty. (one
holds out hope it still exists)

Usenet is compromised, you use that.

True, but not for transacting online payments ;-)

One of the ID register's supporters claims is that it will make this type
of activity harder. One of the things that is clear to those who
understand the engineering and the social interactions of what is being
proposed, can see it that in fact the reverse is true - it will make these
things not only more common, but also far harder to detect.


You're saying that you know better than anyone else...

I am saying I know more about software and engineering than many
politicians, although I don't think many people would find that
statement too hard to accept, or even consider it just an ego thing ;-)

Do a web search on the Regulation of Investigatory Powers Act for a good

You said, "Your" civil liberties. Is this the variable value of 'your'
again?

Given we all live under the same laws then it could be either...

Collect enough seeming innocent bits of low grade information and before
long you have the foundations of a very strong attack - right round the
defences that the designers implemented to keep it secure.


Then you and your highly able colleagues must make sure that the defences
you design and implement must be secure.

Nice idea, but alas it does not work like that.

That was partly why I thought you may find the Mitnick book I
recommended a few posts back interesting. It very ably demonstrates how
the week points in any system are infrequently a result of the
engineering or software, but typically down to the human element. So the
system may well be designed to be secure, but that hardly matters since
attackers won't need to crack the system.

A survey shows that 70% or more people would give up the security to
their employers computer systems in exchange for an Easter egg or a cup
of coffee!

http://www.theregister.co.uk/2004/04...sword_surveys/
http://www.theregister.co.uk/2005/05...ssword_survey/

To start to compromise a system one only needs access to one account,
not 70%+

and we progress away from the "innocent until proven guilty" tenet our
legal system was based on,


Why should we?

Too late, see above.


Non sequitur.

How? I gave an example of an English law that is on the statue books
that does just that. Hence my statement "too late".

This thread has listed so many reasons for objecting to ID cards that I
suspect no-one's really sure why they are nervous about them.

To an extent that it true. The proposals would appear to make a whole
new class of criminal activity and state interference in peoples lives
more likely and easier to carry out. This is however by its very nature
a nebulous threat. Until that potential is turned into reality we do not
know which of the multitude of possibilities to be most concerned about.

I have no particular need to "convert" you one way or the other. I do
however find your position interesting (strange and incongruous, but
interesting nether the less).


I'm not unique. Argumentative, arrogant and opinionated but not unique.

Not sure I have an answer to that ;-)

I guess many people are actually quite attached to their meaningless
little lives


Yes sigh It shows.


and the fate and well-being of their families. Hence they have very real
fears that these will be threatened by being railroaded into ill conceived
systems that may result in their being exposed to new ways for their
status quo being upset.


You really think that most people in this country are trembling at the
thought of ID cards?

No, I expect most have not given the issue any serious consideration and
are more interested in what happens next on Eastenders....

I think they have more things to worry about, such as whether to get a new
i-Pod or wait until there's one with a striped strap ...

I expect you are right... And there is a whole debate to be had there on
the digital rights management built into the thing - but we can save
that for a later thread! ;-)

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
Reply With QuoteReply With Quote