DMossEsq

Tuesday 20 March 2012

Brodie Clark has been silenced, several months too late for the Home Office

The Brodie Clark affair is closed. Normal service is resumed, it's as though it never happened, there's nothing to see here, folks, move along please:

Brodie Clark receives £100,000 over Border Agency row - but no one is to blame

The senior civil servant at the centre of the passport checks fiasco has received more than £100,000 after settling his damages claim against the Home Office, with neither side admitting fault.

Brodie Clark stood down last year as head of the UK Border Force after being publicly blamed by Theresa May for relaxing entry checks at airports in order to reduce queues.

He denied he was a “rogue officer”, claimed the Home Secretary had made his position untenable for “political convenience” and began a claim for constructive unfair dismissal.

But on Friday it was announced that the parties had settled before the case reached an employment tribunal.

The amount of public money paid to Mr Clark to settle the case was not disclosed, but it is thought to be more than £100,000.

Neither side admitted fault and while the settlement may save time and legal costs for the Government, it also means the full account of what happened – which let to the UK Border Agency being split in two – may never be disclosed.

It sounds as though Brodie Clark has received substantially the same offer made to him and accepted by him in early November 2011. The offer was quickly withdrawn and as a result the public was treated to a series of media and Westminster battles, three Home Office internal enquiries and a Home Affairs Committee enquiry.

The powers that be must regret withdrawing that November offer because in the interim we have learnt that:

For several years successive home secretaries in successive governments have not, in their own estimation, exercised proper control over the UK Border Force and neither have their understrapper immigration ministers.
The officials are no better than the politicians. Successive permanent secretaries at the Home Office – and the cabinet secretary himself – might as well not have turned up to the office for all the good their presence did. Again, that is in their own estimation.
Ditto successive chief executives of the UK Border Agency and the rest of the Board of UKBA, executive Directors and non-executive Directors alike, their presence on the payroll seems to have added no value. Either that, or Brodie Clark wasn't doing anything wrong.
The Home Office is happy to thumb its nose at Parliament's efforts to discover the truth, in this case first promising and then refusing to disclose documents to the Home Affairs Committee.
The Home Office don't know how to conduct a trial properly, whether that is a trial of new intelligence-led/risk-based procedures or a technology trial. If pharmaceutical trials were conducted to the same standards, we'd all be dead. Ditto airworthiness trials for new airplanes.
The face recognition technology deployed at the border makes no contribution to security whatever and ditto the flat print fingerprint technology.
The "technology" that does work – human beings – is being decommissioned. Fast. Hundreds of members of the UK Border Force have already been laid off and hundreds more are still to go, all to be replaced by technology that doesn't work.
Their lay-offs are not to save money. The government deems it preferable to spend ten times as much on contractors – a motley band of astrologers and stamp-collectors.

And what have the government learnt? Judging by Damian Green's speech to RUSI the other day, nothing. Everything carries on as before. The border remains secure. It remains the case that the 2012 Olympics will be safe.

Brodie Clark has been silenced, several months too late for the Home Office

The Brodie Clark affair is closed. Normal service is resumed, it's as though it never happened, there's nothing to see here, folks, move along please:

more ►

Monday 19 March 2012

The French parliament wants to comply with the European Commission by making France more like Pakistan

Remember France? Remember 6 March 2012 when the French parliament decided to introduce national biometric ID cards? In a scheme reminiscent of Vichy? Time to take a look at the journey France is making – where did this scheme come from and where is it going to?

The recent history of biometric ID card schemes in Europe begins with the European Commission. In 1999, as part of the eEurope five-year plan, the Commission initiated a project to specify a system for pan-European biometric identity management. The specification job was given to eESC, the eEurope Smart Card forum and in 2003 they delivered OSCIE, the open smart card infrastructure for Europe.

It's a bit daunting, there are 2,000 pages of OSCIE, but perhaps the best thing is to concentrate on the paper on electronic identity, a mere 66 pages. That is the tune that France is marching to. The tune of 27 unelected and unaccountable satraps in the Berlaymont who have given up the job of governing people, it's too difficult, and decided instead to govern electronic identities.

The advocates of biometric ID always say that the cards are intended to make your life easier. With a biometric ID card, it will be easier to get a passport or to open a bank account or to move jobs, they say. But we can already get a passport and open a bank account and move jobs without a biometric ID card.

What the advocates of biometric ID cards mean is that, once we have OSCIE, life without a card will be impossible. The card will be required for every transaction, every communication, every state benefit, including healthcare and education. No card, no life. Life's optional and so the card is optional. The logic is impeccable.

That's where the project is coming from. And where's it going?

As it happens, there is a country that has been issuing multi-biometric ID cards since the year 2000. 120 million of them have been issued by NADRA, the National Database and Registration Authority. With their multi-biometric ID cards, 120 million people can now enjoy the pleasures of ePassports, electronic access control and attendance records at work, electronic driving licences, eCommerce, eVoting and many more.

And which is this country?

Pakistan.

The French parliament have fallen in with the European Commission plan to make France just that little bit more like Pakistan.

Why? What reason can the French government possibly give to explain this desire to become more like Pakistan?

They can hardly say that it's because they find governing people too difficult. Even if it's true. Nor can they get the population on-side by arguing that they are putty in the hands of the Commission, the Commission can mould them into any shape they please, France has to do what the Commission tells them to do. Even if it's true.

Instead, the French government deploys the identity theft gambit. In his 13 July 2011 speech, Serge Blisko (politely) pours scorn on this move:

Ficher potentiellement 45 à 50 millions de personnes – cette estimation a été avalisée par tous les interlocuteurs auditionnés en commission – dans le seul objectif de lutter contre l’usurpation d’identité qui touche quelques dizaines de milliers de Français par an, peut-il être considéré comme proportionné?

A moment's thought reveals that you don't fingerprint 50 million people just to try to reduce the incidence of identity theft which affects maybe 10,000 people, i.e. 0.02% of the people. It's not proportional.

Two moments' thought suggests that the incidence of identity theft is more likely to rise if you collect everyone's enrolments together in a national population register – if you create a single point of weakness, identity theft won't go down, it will go up.

And three moments' thought reveals that under the French scheme identity theft will become legally impossible anyway, not because cardholders won't be defrauded but because when they are, thanks to digital signatures, they'll be irrevocably liable for the loss themselves.

So identity theft can't be the reason. Not the real reason.

The acceptable reason for biometric ID cards according to the government is given in another part of M. Blisko's speech:

Il est vrai que la lutte contre l’usurpation d’identité est un enjeu industriel et commercial important pour la France puisque les entreprises dont nous avons auditionné les dirigeants sont championnes du monde dans ce domaine et qu’elles travaillent à 90 % à l’exportation.

France has plastic card manufacturers and chip manufacturers and biometric technology suppliers who are "world champions" and who contribute mightily, it is said, towards the country's exports. If the French people themselves will only agree to become walking advertisements for these industries, then exports will be assisted. It is every patriotic Frenchman's duty, according to this way of thinking, to become a human billboard in the marketing campaign of a few illegally subsidised companies. (No point complaining to the Competition Commissionner, of course, about that "unlawful state aid". It is the Commission's bidding that France is doing.)

Normally, advertisers pay for space. In this case, the tables are turned, and the mobile advertising space is paying the campaigners. The national biometric ID card scheme will cost billions of Euros. Those billions will not come out of thin air. They will be paid from the tax contributions of every French citizen and company.

It has a sort of Mephistophelean logic. It might work in some countries. But not France. Not in a nation with 246 different cheeses (© 1962 C. de Gaulle).

The French parliament wants to comply with the European Commission by making France more like Pakistan

more ►

The French people kindly volunteer to pay for any mistakes their banks make

A quoi ça sert la ... signature électronique?

Remember France? Remember 6 March 2012 when the French parliament decided to introduce national biometric ID cards? In a scheme reminiscent of Vichy? Time to take a look at one aspect of this scheme – digital signatures (signatures électroniques). Someone needs to tell the French people what their government is letting them in for.

Serge Blisko, député de Paris, has tried to tell them. Bravely. No British MP would try to talk about PKI (the public key infrastructure) and digital certificates. But M. Blisko did. In his immaculate speech of 13 July 2011. Three times:

Cette proposition de loi prévoit, dans son article 2, la création d’une carte d’identité biométrique, comprenant notamment les empreintes digitales des personnes, outre d’autres éléments tels que la taille et la couleur des yeux. L’article 3 crée une fonctionnalité supplémentaire qui pourrait être activée, de manière facultative il est vrai, par le détenteur de la carte nationale d’identité pour ses transactions commerciales sur internet et dans ses relations avec l’e-administration. Cette fonctionnalité lui permettrait de s’identifier sur internet et de mettre en œuvre sa signature électronique. Concrètement, la personne devra tout de même disposer d’un boîtier connecté à son ordinateur, ce qui n’apparaît pas très simple. Elle sera libre de choisir les données personnelles qu’elle veut transmettre ...

En 2005, malgré la technologie de l’époque, le débat était le même qu’aujourd’hui : la création d’une carte nationale d’identité électronique, contenant donc des données biométriques, était déjà envisagée ; elle ouvrait la possibilité de prouver son identité sur internet et de signer électroniquement ...

Dernier aspect déplaisant, sur lequel vous avez glissé un peu rapidement, monsieur le rapporteur : cette proposition de loi est une opportunité pour faciliter les échanges commerciaux. Je ne suis pas contre le fait de sécuriser la signature électronique sur internet pour déclarer ses impôts ou payer une amende au Trésor public, mais la proposition de loi va au-delà du domaine régalien et de ses extensions budgétaires.

France's new ID cards will include facilities for identifying yourself over the web and for signing documents digitally. Let's take an example. Let's say you're buying a car for €30,000. And the document you're signing digitally is the contract for sale.

As M. Blisko says, the exact process for digital signature remains undefined but, having once taken their leap in the dark, the French will find that however it works, it's "pas très simple".

That's a charming understatement. Implementing PKI properly is extremely complicated.

But suppose the French manage to do it. They're good at infrastructure. They've got good people working on the problem. They've got the will. It's a matter of national pride. Marianne, la patrie and all that. Let's assume that France can get a PKI system up and running with 50 million users. No-one else has ever managed that. But, just for the sake of argument, if and when France manage it, what then? What is the effect of signing a document digitally?

M. Blisko doesn't answer that question, for the good reason that he doesn't ask it. Perhaps he assumes that everyone already knows what digital signatures mean. Just in case they don't, though, here is the answer in one word – non-repudiation.

If you sign a document digitally, you cannot repudiate your agreement. You are committed. Irrevocably.

Further, the fact that the document is digitally signed means that you signed it. You cannot claim that someone else signed it. Even if it's true. Even if it is a case of identity theft/l’usurpation d’identité, that is no longer legally relevant. Legally, you signed the document and you owe the car company €30,000. That's the law, as far as digital signatures are concerned.

Without digital signatures, if your credit card is misused, by your daughter's dogy boyfriend for example, a fraud is perpetrated against the bank that issued the card, the bank made a mistake, they shouldn't have authorised the payment, it's their problem. With digital signatures, it's your problem. The risk has been moved from the bank to you.

Is that what you wanted, vous les autres les français? Is that what your parliament told you would happen? Are you happy to change the law and end up underwriting the banks? If the answer is yes, in each case, then my apologies for disturbing you with this irrelevant post, excusez-moi de vous avoir dérangé. But if the answer is no, you might like to have a little word with your député and ask him or her what on earth they think they're doing.

The French people kindly volunteer to pay for any mistakes their banks make

A quoi ça sert la ... signature électronique?

more ►

Thursday 15 March 2012

Vichy redux

Nine days ago on Tuesday 6 March 2012 the French National Assembly enacted a Bill to protect people from identity theft. The proposition de loi relative à la protection de l’identité is now French law.

You might think that this Act is just like the UK's now repealed Identity Cards Act 2006. Wrong.

There are similarities. Everyone over a certain age will be enrolled in a French population register (a fichier) and will be issued with an identity card. The card will have microchips in it (puces). The chips will somehow use your biometric data (données) to support identity verification. I.e. they will allow you to prove that you are who you say you are. The French are even using the same misinformation – the cards will be "optional" (facultatives), according to an article in Le Monde.

But there's a big difference. The UK ID card scheme was going to use flat print fingerprint technology (empreintes posées) which is cheap, easy to use/no expert required, clean and utterly unreliable. The French know that. They're not stupid. It's French companies that provide this waste of money/snake oil biometric technology. They're hardly likely to make the same mistake.

What they propose instead is to use the same high quality rolled print fingerprinting technology as the police (empreintes roulées), forensic quality technology acceptable as evidence in a court of law. On the whole population. The whole of France is going to be issued with what the FBI call a "Ten Print Rap Sheet" or TPRS, just like Al Capone.

Serge Blisko is the MP (député) for Paris. Here he is speaking on the Bill last year in Parliament:

Intervention de Serge Blisko sur la proposition de loi de protection de l'identité
mercredi 13 juillet 2011 15h31
Catégorie: Société , Interventions
Motion de rejet préalable de Serge Blisko, député de Paris

... tous les citoyens seront désormais contraints de donner leurs empreintes digitales à l’une de ces 2 000 antennes de police administrative que vous avez décrites, monsieur le ministre. Il s’agira, en plus, d’empreintes très particulières. Je me réfère aux auditions des hauts fonctionnaires du ministère de l’intérieur : il faudra donner les empreintes de huit de ses doigts par la technique des empreintes roulées et non pas posées. Elle est très différente de celle de l’empreinte posée car c’est une technique criminologique. Nous ne sommes plus alors dans une démarche de reconnaissance d’identité, mais dans la logique d’un fichier de recherches criminelles ...

It is almost unprecedented for a government to tell its parishioners that they are all regarded as criminals. In fact, Mr Blisko can think of only one case – Vichy France:

Monsieur le ministre, j’ai le regret de rappeler que la France n’a créé qu’une seule fois un fichier général de la population, c’était en 1940. Il fut d’ailleurs détruit à la Libération.

Voici un extrait de la loi du 27 octobre 1940 de l’État français : « Obligation de détenir une carte d’identité à partir de seize ans, comportant les empreintes digitales et la photographie, et de déclarer tout changement d’adresse. Institution d’un fichier central de la population et d’un numéro d’identification individuel. »

Ce fichier central, disais-je, a été détruit à la Libération. C’est donc bien depuis la période de Vichy que la France n’a pas connu et n’a pas voulu un tel fichage de sa population.

France. Our partners in the EU. They wouldn't do that, would they? They wouldn't reintroduce Marshal Pétain's law of 1940. Would they?

They just did. Nine days ago on Tuesday 6 March 2012.

Vichy redux

more ►

The whiff of cordite in Whitehall

Rt Hon Margaret Hodge MBE MP is making a speech today at Policy Exchange. This is the latest battle in her war to make Whitehall accountable to Parliament. Whitehall wastes our money with impunity, as it says at the head of this page. In the attempt to put a stop to this state of affairs, traditionally, Whitehall has always won hands down. Perhaps we should expect history to repeat itself.

Or perhaps not. Never has the ancien régime been led by a general as vulnerable as Sir Gus now Lord O'Donnell, the man to whom we owe the present parlous state of our national finances.