One of my pet topics has bubbled to the forefront of media attention in Britain over the past week. The reason for this was a howling blunder on behalf of the HMRC governmental department (Her Majesty\u2019s Revenue and Cockups) who managed to mislay personal details of 25 million UK citizens including their names, addresses, date of births, National Insurance numbers and bank account details. A junior official at HMRC was able to download this information onto a couple of CDs and pop them in the regular post, where of course they subsequently disappeared. Oops.<\/p>\n
This is the same government advocating compulsory ID cards for all UK citizens, that will contain substantially more information than was on these CDs. But this argument is well trodden, and I am against ID cards for reasons more fundamental than of potential fraud: it is the wrong relationship between the citizen and the state: they do not own us – they work for us.<\/p>\n
Ethics aside, it is also doomed to failure. As long as humans are humans, we will always be susceptible to error – an asset for evolution, but not so hot for super-sized security logistics. It only takes a single<\/strong> error for any national identity scheme to be compromised. Once the data is out there, it can never ever be retrieved.<\/p>\n Human error within the \u201csystem\u201d is only one potential fallibility, the other is the system itself. Ministers are touting biometric data as the silver bullet to fraud prevention. They point towards finger print data (pardon the pun) as a means of secure authentication. The fact that you can replicate someone\u2019s fingerprints using encoded data on a biometric chip, some cryptographic know-how and a \u00a312.50 trip to Maplin\u2019s seems to have been conveniently ignored. If we rely solely on this kind of technology in the future then we\u2019re in for Trouble.<\/p>\n And don\u2019t expect the banks to look after you either, they care as much about security as turkeys do for Christmas. For example, when I phone my bank I am asked a series of \u201csecurity\u201d questions for authentication. Fine, no problem. But whenever the bank phones me, they still ask for the same authentication! This is so utterly, utterly stupid. I could phone up anyone pretending to be from a bank and demand all sorts of personal information. Banks fail to understand that authentication is a 2-way process.<\/p>\n Not that authentication seems to bother HSBC too much either. About a month ago I received a letter, addressed to \u201cMs X\u201d at my address. As Ms X has never lived here I phoned the bank to see what was going on and to suggest that someone was using my address for potentially fraudulent purposes. Next week I received 2 statements and a paying-in book. Another phone call to the \u201cfraud\u201d department, in New Delhi. A few days later, a cheque book arrived. Another phone call. The following week, a PIN number arrived in the post as did a note from a courier attempting to deliver a credit card. Another phone call to HSBC. There has been nothing for a few days now so perhaps they\u2019ve got the message, but I wouldn\u2019t trust this bunch of fools with my money if that\u2019s the way they treat fraud.<\/p>\n I fear that the ID cards issue has now become too politicised to be debated rationally. Yes we need an alternative to using utility bills for authentication, and there are many things we can all do to achieve this – using a little common sense for a start – but investing in billions for a system that could be outwitted by bowl of bananas certainly isn\u2019t the answer.<\/p>\n","protected":false},"excerpt":{"rendered":" One of my pet topics has bubbled to the forefront of media attention in Britain over the past week. The reason for this was a howling blunder on behalf of the HMRC governmental department (Her Majesty\u2019s Revenue and Cockups) who managed to mislay personal details of 25 million UK citizens including their names, addresses, date […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/posts\/57"}],"collection":[{"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=57"}],"version-history":[{"count":4,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/posts\/57\/revisions"}],"predecessor-version":[{"id":382,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=\/wp\/v2\/posts\/57\/revisions\/382"}],"wp:attachment":[{"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=57"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.innerhippy.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=57"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}