Archive for the ‘UK’ Category

Privacy concerns with existing data sharing practices complicate EU-US identity policies  

BTC- As US Facebook members are jumping like fleas off of a drowning dog, the social network extends it’s plan to to administer online ID in the United Kingdom.  For now, the plan may use Facebook’s authentication systems for a European online identity proposal, as the functional equivalent of the US NSTIC proposal.  Facebook failed to secure a bid to perform this function in the United States serving “drivers licenses” for the Internet in an original pass with the NSTIC program.

Many have found fault with the social network’s data mining policies, its sympatico relationships with federal intelligence agencies for unaccountable surveillance, and finally it’s utter disregard for privacy practices while administering Real ID, a “voluntary” live online identity system to Blizzard’s World of Warcraft susbscribers.

There are existing privacy concerns over ways the United States handles data from across the pond. The Patroit Act may be overreaching by asking the EU to comply with terms of our domestic laws.  PNR (passenger name & travel data) and SWIFT (EU-US financial records) data handling policies may be soon out of Congressional oversight, if proposals are put through a secretive process using an Executive Order from the White House, according to Identity Project’s,  Edward Hasbrouck,  a panel speaker at today’s CFP Conference in Washington D.C.  Mary Callahan, with DHS’ privacy office, made note of similarities over current EU-USdata sharing practices, saying, “We are the same family.”  Jan Albrecht, another panelist for the EU parlaiment, expressed cautions over arbitrary computerized surveillance of European citizens.  At one point, he made comparisons of Nazi policy to the current direction of US data handling.  Undoubtedly a more believable statement due to the fact he is German and not a Fox News opinion leader.

Government proponents of the UK identity system felt the need to clue in civil liberty groups like, No2ID, in advance so the plan would not be altogether eviscerated before evaluating and managing privacy problems.

“It’s not a bad thing in itself to check that the person you are talking to is the person you want to talk to,” [said No2ID’s, Guy Herbert]. “But whatever the good intentions at the outset, the fear will always be that the bureaucratic imperative to collect and share more data about the public will take over.”


Here is second life for news that matters.

BOSTON TEA PARTY OPPOSES NATIONAL ID,  PERIOD. I guess national id cards are officially unamerican.  That doesn’t mean they aren’t still trying to sell the EDL in Michigan.  Florida is fighting it.  Downsize D.C. amid coalition efforts wants their repeal.  Real ID after 5 years is still getting consistently bad press from the blogosphere.

Facecrook’s Mark Zuckerberg, dubbed Little Caesar, waits for someone to defend his privacy.  We hope for a different haircut and to know how much money is awarded to the person who sues the pants off of him …. again.

Facebook as Caesar

GPS tracks again… that’s what it does.  Now it gets your kids and the prisoners.  All sitting prospects in the public-private target range for the gubmint market.  I’ll bet you’re really surprised. Commentary by EFF.

FUSION CENTER UPDATE:  CIR reports… Special word goes out to the Electronic Privacy Information Center.  What do they do? They provide information about Electronic Privacy. It’s awesome when they do.

Alternet tackles naked body scanners on the street in broad daylight. God, what a weird feeling that must have been…

STATUS: We are wondering about the individual mandate for a national healthcare ID.

India’s issues with the Unique Identification Authority of India.  FYI…Don’t buy a cell phone in China...

BEIJING — China wants people who buy new cell phone numbers to register their personal details, joining many European and Asian countries in curbing the anonymous use of mobile technology.

There have been some changes to  FISA,  warrentless cell or telephone tapping are up for PUBLIC INPUT until OCTOBER 24, 2010.   I’m TELLIN’!!

Germany’s national ID cards move to contactless technology citing NXP as national ID card chip of choice.  c/o Contactless News

“The German government has selected NXP as the supplier of an inlay solution containing a SmartMX chip, packaged in an ultra-thin module. Issuance of German contactless ID cards, which will replace the current paper-based IDs, will start in November. More than 60 million cards are expected to be rolled out over the next ten years.”

FLOGGER Jim Harper takes you on an East German train ride and makes some connection you may have missed.

Denver has a nasty case of Bad Cop according to ProLibertate. However, here’s a report causing cognative dissonance in the deliverance of justice in a UK case where CCTV got a bad cop off the streets.

EU passport security has been placed under the microscope

c/o , *special thanks to EFF

EUOBSERVER / BRUSSELS – The biometric, or “e-passport,” was supposed to offer a previously unrivalled level of security and protection against forgery. It was “fool-proof,” some said, even “impossible” to counterfeit.

In the years that followed the attacks on New York and Washington, the European Union, as with many international powers, was eager to embrace the technology. In 2004, the European Commission proposed technical specifications for a harmonised e-passport system, first requiring digital facial image as as a mandatory biometric identifier for passports and later requiring fingerprint data.

Airport: EU passport security has been placed under the microscope (Photo: dacba10)

But in the wake of the Dubai targetted killing of a Hamas commander, in which a team of some 27 assassins used fake EU and Australian passports in the course of their cloak and dagger escapade, the security of the passport has been placed under the microscope.

Beyond the Dubai murder, Europol has warned that despite the biometric changes to passports, counterfeiting still remains a major problem for criminals or others “who are determined to do so,” with the provision of documents for irregular immigrants being the main driver of the activity.

In 2008, the latest year for which data is available, some 16.7 million passports were on an Interpol database of stolen or disappeared passports.

Magnus Svenningson, the CEO of Speed Identity, the company that provides the biometric data capture platform to the Swedish, Luxembourg and Lithuanian governments, in an interview with EUobserver reveals how passports can be forged.

“The EU passport is a very, very secure document. EU countries have invested a lot in the document. It’s extremely expensive and difficult to forge, although not impossible,” he said.

What makes it so hard is one would have to clone the certified chip of the issuing government: “This requires machine-supported verification of the documents.”

Famously, in August 2008, after 3,000 blank UK passports were stolen and British authorities said that without the chip, the documents would have been useless, the Times newspaper hired a computer researcher to successfully clone the chips on two British passports. Passport reader software used by the UN authority that establishes biometric passport standards believed the chips to be genuine.

This is designed to be countered by checking the chip at a border crossing against an international database of key codes, the Public Key Infrastructure, but only a minority of countries have signed up. So a would be counterfeiter should choose a state that does not share these codes.

The level of counterfeiting difficulty varies from country to country, said Mr Svenningson: “In some countries, it’s very easy, others not so easy, but every country has their own loopholes.”


First of all, the inclusion of the biometric identifiers is binding only for those countries in the Schengen area, of which the UK and Ireland have opted out and which Cyprus, Bulgaria and Romania have yet to join. These specifications are also binding on European Economic Area countries Norway, Iceland, Liechtenstein and Switzerland.

According to the EU regulation, countries were to have included both facial imagery and fingerprints in their systems by July last year. The British e-passport meanwhile only uses a digital image and not fingerprinting, although this is currently under consideration by authorities.

UK foreign minister David Miliband said that the Dubai passports taken from British citizens were in any case not biometric, which makes the forgery process that much easier. But Mr Svenningson said that one of the easiest methods is to acquire a duplicate passport – “a real fake passport” – rather than to forge one.

“The problem is enrollment and lies with the breeder documents. These are the documents that make you a for example a British or German citizen,” such as a birth certificate or naturalisation papers. “These documents plus the biographic data and the biometric data are then unified and stored in a passport tied together, forming a proof of identity.”

According to Mr Svenningson, you should choose a victim that roughly matches your appearance, and then photoshop an image of yourself so that it appears closer to what the original person looks like, something in between you and the other person.

This process is aided by “the transfer of a paper photo to a digital one, which involves a huge loss of quality, resulting in a photo that makes it very easy for others to use.”

“When all this is done, you apply for renewal of your victim’s passport and file a new application with your tailored picture. Then you wait at his or her mailbox of until the new passport arrives by mail and snatch that particular letter.” He added that a postbox that is separate from the apartment or house is best.

This method is the most common, he said. The advent of biometric passports has had an effect: “There has been a big shift in the last five years from counterfeiting to applying for a real one,” because of the additional hurdles set up by biometry.

Fingerprints can be fooled

But those countries that require fingerprints included on the chip can still be fooled.

“Fingerprints are possible to fake for a low cost. The easiest way is to obtain a print from something someone has touched, a glass or a mobile phone.”

From this you can extract a picture of the ridges that you see on your fingertip. This picture can be moulded onto a piece of plastic, which can then be subtly placed on the fingertip during enrollment or verification of the data to make you appear like someone else.

Even retina scans are not impossible to fake.

“This is difficult. The process involves taking a picture of the retina with infrared light at very close distance. But it is still not impossible. You could hold some kind of eye-like object with a picture of the retina in front of the camera. Of course if the process is supervised, it then becomes quite difficult.”

But he says that this supervision, making sure that the photo, fingerprints and other biometric data are captured at the same moment that you apply for a passport: “So that all the data is tied together and impossible for the applicant to alter.”

“It’s very important to have the whole enrollment process take place in one sequence via an officially supervised process. Any time you break up this sequence, you introduce a window for individuals to undermine the security of the passport.”

Of course, Mr Svenningson’s business model is precisely that – all-in-one biometric data capture – so he has an interest in suggesting its importance. He jokes that photography shops, who do not sell as many rolls of film any more and for whom the €8 set of four passport photos is an increasingly substantial part of their business, do not particularly like the idea.

But it will still take many years before even the current generation of e-passports is widely adopted.

Five to 10 year window

“When it comes to non-biometric passports, there is an even weaker tie between the document and its holder, and while biometric passports are common now, the large bulk of EU passports in circulation are non-biometric because they aren’t out of date yet, and won’t be for a number of years. It will take at least another five to 10 years for all EU passports to be biometric.”

Still, nothing will be able to stop those who have the time and money to invest in counterfeiting, he said: “The intelligence services have the expenses and the capacity to do this.”

Last week, the Australian Broadcasting Corporation interviewed Victor Ostrovsky, a case officer at the Mossad in the 1980s, who said that the Israeli spy agency had its own “passport factory,” a company established within the Mossad headquarters.

“They create various types of papers, every kind of ink. It’s a very, very expensive research department,” he said.

© 2010 All rights reserved. Printed on 25.03.2010.

c/o No2ID

This Monday (8th Feb) the Identity and Passport Service (IPS) began the next phase of the ID Card Con – targeting 16-24 year olds living in London.

Minister for Identity, Meg Hillier invited the media to come and see the first ‘volunteer’ be fingerprinted at 8:30am. A dozen or more hardy NO2ID supporters mounted a chilly white protest in biting winds and the odd flurry of snow outside Victoria passport office. IPS security decided to stay in the warm, and keep an eye on us through the window.

Getting there half an hour before the minister meant we caught the media going in – and also coming out. Phil Booth gave interviews to ITV news and the Press Association cameras, and reporters from several London university newspapers. Guy Herbert spoke to news radio.

Inside the passport office, according to one person watching, the volunteer actually referred to himself as a guinea-pig. Shame he didn’t get the full message on the flyers we were handing out, which is *don’t* be a guinea-pig.

Bizarrely, one young man walking past our protest waved what looked like an ID card at us. He was turned away from the front door, but headed in by the side entrance. Members of the media said later he was a member of an IPS Public Panel “independent scrutiny” groups, hand-picked by IPS – which may explain how he came to be issued with a card before the
‘first’ volunteer…

Glimpsing Ms Hillier through the glass around 9:30am, we rapidly relocated our protest round the corner. But to no avail. The Minister snuck out another way, leaving another decidedly low-key media event without directly engaging her critics.

For more information, flyers to download and print off, and notice of upcoming ‘Stop the ID Card Con’ events in London and across the North West [UK], please visit:

c/o Daily Mail UK>> No2ID

Telecoms firms have accused the Government of acting like the East German Stasi over plans to force them to store the details of every phone call for at least a year.

Under the proposals, the details of every email sent and website visited will also be recorded to help the police and security services fight crime and terrorism.

But mobile phone companies have attacked the plans as a massive assault on privacy and warned it could be the first step towards a centralised ‘Big Brother’ database.

They have also told the Home Office that the scheme is deeply flawed.

The criticism of Britain’s growing ‘surveillance culture’ was made in a series of responses to an official consultation on the plans, which have been obtained by The Mail on Sunday.

T-Mobile said in its submission that it was a ‘particularly sensitive’ time as many people were commemorating the 20th anniversary of the protests that led to the collapse of ‘surveillance states in Eastern Europe’.

Martin Hopkins, head of data protection and disclosure, said: ‘It would be extremely ironic if we at T-Mobile (UK) Ltd had to acquire the surveillance functionality envisaged by the Consultation Document at the same time that our parent company, headquartered in Germany, was celebrating the 20th anniversary of the demise of the equivalent systems established by the Stasi in the federal states of the former East Germany.’

Equally trenchant was the response from Hutchinson 3G Uk Ltd, which read: ‘We take seriously the responsibility of safeguarding our customers’ information and data, and are unconvinced of the safeguards that the Government might make to protect against loss.’

The firm also said it had ‘substantial concerns’ over claims that public authorities would only be able to access data on a ‘case-by-case’ basis. It is understood hundreds of public bodies and quangos may also be able to obtain information from the system.

‘It is our belief the safeguards listed in this consultation are incomplete and do not extend far enough,’ it added.

Orange and Vodafone were also highly critical, with a spokesman for Orange saying: ‘The proposals are clearly not about “maintaining” capabilities but rather about “enhancing” existing capabilities.

‘Any debate should address what many will see as a worrying extension of the so-called “surveillance culture”.’

Since October 2007, telecoms companies have been obliged to keep records for a year. Under the new legislation, however, they will also be required to organise it better – for example, by grouping calls made by the same person.

Internet service providers have been required to hold records on emails and website visits since April.

Police and security services can already obtain such information if they are given permission by the courts.

The public will reimburse internet service providers and telecoms companies for the costs associated with storing the billions of records.

A Home Office spokesman said: ‘The police and security services need to be able to use communication data in the fight against crime and terrorism. Communications data forms an important element of prosecution evidence in 95 per cent of the serious crime cases.

‘Access to communications data under the Regulation of Investigatory Powers Act is subject to strict safeguards around how, when and by whom data is obtained.’

The activities of the Stasi, the former East Germany’s secret police, were memorably depicted in the Oscar-winning film The Lives Of Others, starring Ulrich Mühe. At the regime’s height, there were 200,000 agents and informers in a population of only 16million.

CLG >>UK Independent

Police forces have been arresting people simply to add them to the controversial DNA database as a result of lax rules that have developed with almost no public scrutiny, the Government’s independent DNA watchdog warns today.

The Human Genetics Commission (HGC) also says there is little evidence that the national DNA database, the largest of its kind in the world, is of any use in solving crimes. In its two-year report examining the database, published today, it concludes that allowing police to add anyone arrested to the DNA database damages the assumption of innocence.

The report received testimony from one senior police source, a retired chief superintendent, who said it was “the norm” for officers to arrest someone to obtain their DNA profile.

VIDEO: DNA database crtiticised

Guy Fawke’s Day

with Phil Booth of No2ID

Tune in tomorrow for a special program featuring international identity advocate, Phil Booth of No2ID.

No2ID runs continual campaigns against every successive incarnation of national ID card manufactured by the current UK Parlament & Home Security Office. In previous entries we have presented news of their successes and struggles.

To date, no other nation suffers with the level of closed circuit televised surveillance (CCTV) of independent citizens than the UK. The level of public surveillance surpasses that of Red China. This practice is very conspicuous for a democratic government.

This 5th of November, we adjust our format for an organizer very clearly committed to bringing forward the result of a life freed of the vices of national identity, an end to a pre-emptive criminal databases and the UK database state.
Listen in tomorrow on Waking Up Orwell 9AM CST on

NEXT WEEK ON Waking Up Orwell : Dahr Jamail, bestselling author of Beyond The Green Zone distills the struggle of GI resisters. He reports on the post-military process for active service members who either cannot or will not return to the call of duty in Iraq and Afghanistan. Some of his recent work covers the digital censorship of their voice, GI resisters campaigning for office and of those who become political prisoners of conscience.

from No2ID UK

Government drops DNA retention powers from police Bill

During the House of Lords Committee Stage of the Policing and Crime Bill this week (20th October) the government announced that they have dropped controversial DNA retention powers from the bill, introduced following a European Court of Human Rights ruling in December 2008.

The bill had contained an enabling power allowing the Home Secretary to make regulations for the retention and destruction of DNA thus passing new guidelines without proper parliamentary debate. Government Minister Lord Brett said: “As soon as parliamentary time allows, we will bring forward appropriate measures which will place the detail of the retention periods in primary legislation, allowing full debate and scrutiny of the issue in both Houses”.

But Baroness Neville-Jones was not impressed, she said: “The Minister justifies the production of a framework Bill on the ground that speed is needed. It is difficult to talk about speed when the [Marper] judgment was in December last year. The Government could have proceeded more speedily than they have. Given the Government’s attitude to some of the legislation, they should have known that others would not be happy with them introducing a framework Bill and that there would have been a very lengthy debate and an attempt to amend. I can see why the Government have withdrawn the proposal”.

Meanwhile ….ID card polls show support lower than ever.

That may be after what happened this Summer.

ID cards and the worst of public sector IT failures government plans to store ID card biometrics data on a controversial system used by thousands of public workers might be scrapped. The Home Office has confirmed it is reconsidering plans to use the Customer Information System system to store biometric data for the ID card scheme.

c/o No2Id

The 2nd Annual Report of the National DNA Database Ethics Group has been released. The report criticizes the government’s response to the European Court of Human Rights ruling that keeping the DNA of people arrested but not charged was unlawful.



Nearly 2,000 people have had personal information about themselves lost by the Ministry of Justice over the past year, in a series of incidents listed in the department’s accounts, published last week.

The UK’s current administration has a very one sided practice on public identity management, NO2ID reports.

The way Britain undertakes crime scene investigations and the existence of the DNA database have both come under intense scrutiny following the news scientists in Israel have successfully replicated DNA samples.

The UK has the largest per capita DNA database in the world and the
government often stresses the infallibility of DNA evidence to justify
the expansion of the database. But now researchers at forensic DNA
technology company Nucleix say that DNA samples can be faked.
They have demonstrated how artificial DNA could be implanted into real blood giving the blood a new profile. A modified blood sample was sent to a US laboratory that works with FBI forensic teams and they failed to catch the forgery. Interestingly though, Nucleix has come up with the solution – an authentication method that distinguishes between real and fake samples. However the mere fact that DNA can be faked may question the reliance on DNA in criminal cases. US defence attorney Michael Cardoza told CNN news: “it opens up an entire avenue of cross examination that was never there before. Can you imagine their expert, the prosecution’s expert on the stand – we will now be able to ask them: ‘It’s possible to fabricate DNA?'”, adding “it will give a lot of defence attorneys something to talk about in court, it will make prosecutors work a lot harder”.


Conservative MP Damian Green has won his battle to have his DNA removed from the National DNA Database but, as he himself acknowledged, “…this is only a first step. I want every innocent person who has been arrested and whose records are being wrongly held to be treated the same as me.”

While a high profile public figure may successfully argue that he is an

“exceptional case”, this still leaves hundreds of thousands of people
never charged or convicted of a crime on the database – with thousands more being added every month. Mr Green’s case highlights how arbitrary and unfair the system is, and reveals how little the government has done in the nine months since the European Court of Human Rights ruled that the blanket and indiscriminate retention of the DNA profiles and fingerprints of innocent people was unlawful.

It’s time to take action. If they won’t, we must.

Most people simply don’t know in what circumstances they can apply to have their DNA profiles removed, or how. Which is why NO2ID joined forces with Genewatch UK, Open Rights Group, Liberty and others to build – an advice site that can walk you through the process and even help you draft the necessary letter.

Labour MP Diane Abbott and lawyers from Liberty will be holding a ‘DNA clinic’ in Hackney to provide help and advice to those who want their DNA profiles removed from the national database.

We desperately need to raise public awareness and keep the pressure on -the Parliamentary battle will resume this autumn – so please write a letter to your local paper suggesting that people who are innocent and want to have their DNA removed use – or, if you are in a city, asking whether something similar to Ms Abbott’s ‘DNA clinic’ can be done in your area.

With nearly 5 million people on the DNA database, almost 1 million of them children, you may not be directly affected – but you probably know someone who is.

Chronicle the UK’s Identity Minister, Lord Brett, said the ID cards
might not be recognised outside the UK by other EU member states.

According to the Home Office, ID cards will be accepted as travel
documents across Europe when they are launched,[whenever that is.]

On Friday we reported that in an interview with the Oldham Evening
Chronicle the UK’s Identity Minister, Lord Brett, said the ID cards
might not be recognised outside the UK by other EU member states.

A NO2ID supporter wrote this week to tell us that Advanced Passenger Information (API) is now a requirement when booking flights with many carriers. “British Airways and Easyjet now make passengers booking a flight online fill in passport information(number, date of issue, expiry, nationality, date of birth) with a threat that failure to do so may mean one cannot fly. This data has to be given before travelling and before the day of departure. When asked,
an Easyjet operative said, ‘It is a government/EU requirement’.”

OTHER NEWS: ID Convictions & Struggling with Biometrics

Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark
convictions that may have carried jail sentences of up to five years.

An entrepreneur whose fledgling business was ruined by a false entry in a court database has had his claim for compensation rejected by a High Court judge. The decision could set a broad and troubling precedent, because Mr Justice Bill Blair QC – brother of the former PM Tony Blair -ruled that the civil service cannot be found liable for the damage caused by its record keeping mistakes.

MUST SEE! ::Does biometrics prevent or promote identity fraud? Dr Edgar Whitley of the London School of Economics “questions whether the government’s plan to protect us from identity fraud through its proposed ID card scheme could backfire” in this short video.

In 5,000 schools, children are required to give fingerprints to use the library. And the king of databases will be the national ID card scheme which, the Government hopes, will eventually hold data for identifying every one of us.