DMossEsq

Friday, 23 March 2012

Official: stillborn French biometric ID card scheme not just extra-terrestrial but also unconstitutional, 13 times over

Remember France? Remember 6 March 2012 when the French parliament decided to introduce national biometric ID cards? In a scheme reminiscent of Vichy? 60+ members of the National Assembly and 60+ members of the Senate referred the law to the French Constitutional Council. What does the Council make of it?

The Conseil constitutionnel published its Decision no. 2012-652 DC yesterday, 22 March 2012. They're not pleased.

Since it's been re-numbered, the law has 10 articles. Four of them are completely unconstitutional according to the Council. So are bits of two other articles:

Sont déclarées contraires à la Constitution les dispositions suivantes de la loi relative à la protection de l'identité :

- les articles 3, 5, 7 et 10 ;
- le troisième alinéa de l'article 6 ;
- la seconde phrase de l'article 8.

The Council has 10 objections to the way the scope of a law supposedly concerned with identity fraud has crept into terrorism and many other areas. And three objections to the use of the proposed biometric ID cards for eCommerce.

These 13 counts of unconstitutionality are laid out in the Commentary which accompanies the Decision and summarised in the Council's press release, in which the law is judged to be disproportionate and to infringe people's right to privacy:

Eu égard à la nature des données enregistrées, à l'ampleur de ce traitement, à ses caractéristiques techniques et aux conditions de sa consultation, le Conseil constitutionnel a jugé que l'article 5 de la loi déférée a porté au droit au respect de la vie privée une atteinte qui ne peut être regardée comme proportionnée au but poursuivi. Il a en conséquence censuré les articles 5 et 10 de la loi déférée et par voie de conséquence, le troisième alinéa de l'article 6, l'article 7 et la seconde phrase de l'article 8.

When it comes to the use of the proposed ID cards for eCommerce and digital signature, where Serge Blisko considers that the government had taken off into the stratosphere, the Council say:

Par ailleurs, le Conseil constitutionnel a examiné l'article 3 de la loi qui conférait une fonctionnalité nouvelle à la carte nationale d'identité. Cet article ouvrait la possibilité que cette carte contienne des « données » permettant à son titulaire de mettre en oeuvre sa signature électronique, ce qui la transformait en outil de transaction commerciale. Le Conseil a relevé que la loi déférée ne précisait ni la nature des « données » au moyen desquelles ces fonctions pouvaient être mises en oeuvre ni les garanties assurant l'intégrité et la confidentialité de ces données. La loi ne définissait pas davantage les conditions d'authentification des personnes mettant en oeuvre ces fonctions, notamment pour les mineurs. Le Conseil a en conséquence jugé que la loi, faute de ces précisions, avait méconnu l'étendue de sa compétence. Il a censuré l'article 3 de la loi.

In other words – less dignified words – the government haven't got a clue how the cards would be used for eCommerce or, to put it another way, they don't know what they're talking about. Or legislating about.

Yesterday was a bad day for the banks – they continue to be responsible for frauds perpetrated against them, they haven't yet managed to introduce digital signatures to pass that risk off on their accountholders. It was a bad day for the astrologers and stamp-collectors of the biometrics community. It was a bad day for the latter-day leech-farmers of the moribund plastic card community. It was a bad day for industries seeking illegal State aid. And generally a bad day for the attempted resurrection of Vichy.

On the other hand, it was a good day for democratic government and for the French people. A very good day.

Official: stillborn French biometric ID card scheme not just extra-terrestrial but also unconstitutional, 13 times over

more ►

Thursday, 22 March 2012

EXCLUSIVE: Man in shower gets wet

1. In the year to 31 March 2012 public expenditure is estimated to be £710 billion. According to yesterday's Budget, Whitehall expects to spend £683 billion over the next year, a tiny reduction of 2.4% in nominal terms, very slightly more in real terms, taking RPI inflation into account.

Gordon Brown was always very good at hiding expenditure, behind PFIs and peculiar corporate structures like Network Rail – we have to hope that £683 billion doesn't omit any expenditure that is known about but not being declared.

2. Of that public expenditure, £50 billion in 2011-12 was interest on the national debt and that figure is expected to fall a respectable 8% to £46 billion in 2012-13.

If our credit rating falls and interest rates rise, the good news will evaporate. If interest rates double, then £46 billion becomes £92 billion, an 84% increase on 2011-12.

3. The Exchequer was expecting to collect £589 billion of revenue in 2011-12 and expects £592 billion in 2012-13, a tiny increase of 0.51%, which is good, but better would be to see a significant decrease. Individuals and companies are less likely to waste their money than Whitehall.

The attention being paid to tax avoidance could have some surprising victims – that great scourge of tax avoidance, the Guardian, relies for income on its Cayman Islands joint venture with Apax Partners and if they have to start paying the tax they owe – if the GAAR is pointed at them – then the newspaper could go out of business in one year instead of three.

4. In 2011-12, the nation borrowed an estimated £121 billion to keep itself in the manner to which it has become accustomed. The deficit in 2012-13 is expected to fall to £91 billion, a tidy reduction of 24.2%. Do we really have to wait five more years for a balanced budget?

With the economy flat and the national debt little short of £1 trillion – yesterday's figure was £985 billion – the media still manage to sound surprised that people are worse off. How do they do it? Which maths lesson did they miss at school? Addition? Subtraction? Were they asleep throughout the Autumn of 2008?

Just to remind them, Gordon Brown had to fly off from the 2008 Labour Party conference to "save the world", or at least the UK, from the mess he and Ed Balls and Sir Gus now Lord O'Donnell had created. There was a problem then and there still is. Wishful thinking hasn't made it go away.

EXCLUSIVE: Man in shower gets wet

more ►

Wednesday, 21 March 2012

Stillborn (mort-né) French biometric ID card scheme killed by crude mistake in technocrats' design

Remember France? Remember 6 March 2012 when the French parliament decided to introduce national biometric ID cards? In a scheme reminiscent of Vichy? Time to take a look at the quality of the design decisions taken at this early stage. Do the technocrats know what they're doing?

We must start as ever with the immaculate speech given by Serge Blisko on 13 July 2011 ("the speech that just keeps on speaking"):

Le groupe socialiste au Sénat s’est d’ailleurs interrogé sur le fait que cette deuxième puce « services » soit gérée par le ministère de l’intérieur. Avez-vous besoin, en qualité de ministre de l’intérieur, de connaître les habitudes d’achat et de consommation ou les allées et venues de millions de citoyens ? Nous sommes là dans un monde tel que décrit par Orwell dans 1984, et dont l’obsession du contrôle me semble hors de propos s’agissant de la protection contre l’usurpation d’identité. Ce véritable problème ne demande pas un déploiement stratosphérique permettant de tracer les déplacements et les achats des individus !

The new ID card will have two chips (puces) in it, one of them to allow you to deal with the State (the puce régalienne) and the other for eCommerce (the puce commerciale). M. Blisko says that the effect of the latter would be to open your life to minute surveillance, the Minister of the Interior could learn all your buying preferences and he or she could know everywhere you go.

That Panopticon facility goes way beyond the putative objective of the legislation, which is meant to be restricted to identity theft (l’usurpation d’identité). In fact according to M. Blisko, it leaves the planet altogether and launches into the stratosphere.

Source: University of Tennessee, Knoxville

RECIPE: Mix plastic cards (50 million) and surveillance (24/7) into a large pan. Stir in taxpayers' money (several billion Euros) ...

Let's leave those ingredients to simmer for a while.

In the interim, consider instead this point. If each card is 1mm thick and if you need 50 million of them to certify the French population then, if you placed the cards one on top of the other, you would have a pile of plastic 50km high. M. Blisko is right. Your pile of plastic cards would reach from the Assemblée Nationale all the way up to the top of the stratosphere. (NB: Mont Blanc = 4.81km)

If you had been a Tsar of all the Russias, what wouldn't you have given for plastic cards to use in your propiska system! The прописка was an early form of Russian ID card issued in the nineteenth century to help to govern the population. Plastic – that twentieth century invention – would obviously have made propiski more durable than the mere paper that was available to the Tsars. If only plastic had been available, the Tsars would have ordered a 50km high pile of it like a shot.

They would. But we can't. We know that the earth and the seas are already polluted with too much plastic. If there is any alternative, we should use it and not add to the pollution. Is there an alternative?

What are the plastic cards needed for? Answer, to carry the puces which support secure transactions, whether régalienne or commerciale. Couldn't we put the puces in something else, instead of yet another plastic card? Yes. We could put them in a mobile phone (a portable).

As it happens, not only could we put chips in mobiles phones, we already are putting chips in mobile phones, as the redoutable M. Blisko effectively says:

Aux débuts du commerce sur internet, il y avait beaucoup de fraudes. Actuellement, afin de permettre un échange sécurisé, en particulier lors d’achats dépassant certains montants, il existe des mots de passe, des codes à utilisation unique qui peuvent être envoyés sur téléphone portable, des confirmations par mail, etc.

Payment systems – and therefore identity management systems – are moving to mobile phones. Everything is moving to mobile phones. The mobile phone is an ineluctable evolutionary process in society. Nothing can stop it. Anything that gets in the way is mown down contemptuously.

That includes the old 85mm x 54mm plastic card business. It's outdated and irrelevant. It's dead. As dead as leech-farming (la cultivation des sangsues?). And there's no point trying to revive it. Any tax money thrown at it is tax money wasted.

Today's Tsar of all the Russias would issue digital certificates, not plastic cards. And he would transmit them to people's mobile phones, he wouldn't post them. But not, apparently, today's French technocrat.

A true forget-nothing-learn-nothing Bourbon, the modern French technocrat is prepared to ignore the advent in the last millennium of the mobile phone. He is happy to propose a nineteenth century scheme for use today. In the ancien régime he still inhabits, so what if that means polluting the planet? And so what if it means wasting stratospheric amounts of taxpayers' money?

Our dish of plastic cards and surveillance is ready now. And very unappetising it looks, next to mobile phones:

People voluntarily pay for mobile phones themselves ...
... and they voluntarily take their mobile phones with them wherever they go.
Mobile phones can be tracked. They have to be. That's how the mobile phone networks work. So you can be tracked.
The networks record who you call and who calls you. They have to. To connect the calls and to charge for them. The effect is that the networks know who your contacts are ...
... as well as where they are.
And what's more, unlike the national biometric ID card, the mobile phone actually exists and has all these facilities for traçage now.
As we move around with our mobiles switched on, we are already all of us permanently projecting our identity onto the record, as we have been for years.

Children identify with their mobile phone and their mobile phone identifies them. The mobile phone is an ID card. It just is. It is the culmination of his dreams for any totalitarian (le comble de ses rêves?). It is a rich and succulent main course whereas by comparison the old-fashioned and unimaginative, pedestrian and under-powered plastic card scheme proposed by the French government is a sickly, thin gruel.

Which suggests a surprising conclusion. Inattendu (unexpected) but just for once, perhaps M. Blisko is wrong?

Perhaps the Interior Minister isn't interested in the ID card as an instrument of surveillance as M. Blisko alleges? The Minister's already got mobile phones for that.

The plastic cards are a mistake. They mean that the scheme cannot work for surveillance or for anything else, including the fight against identity theft. The national biometric ID card scheme is not yet born but it is already dead. So why does the Minister want it? It's a mystery.

When in doubt, follow the money. Then it can become clearer.

There are two big transfers going on:

Firstly, with the introduction of digital signatures under the Minister's scheme, risk is being transferred from the banks to the accountholders, and money therefore is being transferred the other way.
Second, a collection of suppliers, including astrologers and stamp-collectors and as we now know latter-day leech-farmers, will be paid public money to create a new identity management network that's not needed – it's not needed because France already has several mobile phone networks.

More and more, this Vichy law of 6 March 2012 looks like nothing more than an illegal State subsidy to a number of favoured industries, at least one of which (85x54 plastic cards) is already dead.

Stillborn (mort-né) French biometric ID card scheme killed by crude mistake in technocrats' design

more ►

Tuesday, 20 March 2012

Brodie Clark has been silenced, several months too late for the Home Office

The Brodie Clark affair is closed. Normal service is resumed, it's as though it never happened, there's nothing to see here, folks, move along please:

Brodie Clark receives £100,000 over Border Agency row - but no one is to blame

The senior civil servant at the centre of the passport checks fiasco has received more than £100,000 after settling his damages claim against the Home Office, with neither side admitting fault.

Brodie Clark stood down last year as head of the UK Border Force after being publicly blamed by Theresa May for relaxing entry checks at airports in order to reduce queues.

He denied he was a “rogue officer”, claimed the Home Secretary had made his position untenable for “political convenience” and began a claim for constructive unfair dismissal.

But on Friday it was announced that the parties had settled before the case reached an employment tribunal.

The amount of public money paid to Mr Clark to settle the case was not disclosed, but it is thought to be more than £100,000.

Neither side admitted fault and while the settlement may save time and legal costs for the Government, it also means the full account of what happened – which let to the UK Border Agency being split in two – may never be disclosed.

It sounds as though Brodie Clark has received substantially the same offer made to him and accepted by him in early November 2011. The offer was quickly withdrawn and as a result the public was treated to a series of media and Westminster battles, three Home Office internal enquiries and a Home Affairs Committee enquiry.

The powers that be must regret withdrawing that November offer because in the interim we have learnt that:

For several years successive home secretaries in successive governments have not, in their own estimation, exercised proper control over the UK Border Force and neither have their understrapper immigration ministers.
The officials are no better than the politicians. Successive permanent secretaries at the Home Office – and the cabinet secretary himself – might as well not have turned up to the office for all the good their presence did. Again, that is in their own estimation.
Ditto successive chief executives of the UK Border Agency and the rest of the Board of UKBA, executive Directors and non-executive Directors alike, their presence on the payroll seems to have added no value. Either that, or Brodie Clark wasn't doing anything wrong.
The Home Office is happy to thumb its nose at Parliament's efforts to discover the truth, in this case first promising and then refusing to disclose documents to the Home Affairs Committee.
The Home Office don't know how to conduct a trial properly, whether that is a trial of new intelligence-led/risk-based procedures or a technology trial. If pharmaceutical trials were conducted to the same standards, we'd all be dead. Ditto airworthiness trials for new airplanes.
The face recognition technology deployed at the border makes no contribution to security whatever and ditto the flat print fingerprint technology.
The "technology" that does work – human beings – is being decommissioned. Fast. Hundreds of members of the UK Border Force have already been laid off and hundreds more are still to go, all to be replaced by technology that doesn't work.
Their lay-offs are not to save money. The government deems it preferable to spend ten times as much on contractors – a motley band of astrologers and stamp-collectors.

And what have the government learnt? Judging by Damian Green's speech to RUSI the other day, nothing. Everything carries on as before. The border remains secure. It remains the case that the 2012 Olympics will be safe.

Brodie Clark has been silenced, several months too late for the Home Office

The Brodie Clark affair is closed. Normal service is resumed, it's as though it never happened, there's nothing to see here, folks, move along please:

more ►

Monday, 19 March 2012

The French parliament wants to comply with the European Commission by making France more like Pakistan

Remember France? Remember 6 March 2012 when the French parliament decided to introduce national biometric ID cards? In a scheme reminiscent of Vichy? Time to take a look at the journey France is making – where did this scheme come from and where is it going to?

The recent history of biometric ID card schemes in Europe begins with the European Commission. In 1999, as part of the eEurope five-year plan, the Commission initiated a project to specify a system for pan-European biometric identity management. The specification job was given to eESC, the eEurope Smart Card forum and in 2003 they delivered OSCIE, the open smart card infrastructure for Europe.

It's a bit daunting, there are 2,000 pages of OSCIE, but perhaps the best thing is to concentrate on the paper on electronic identity, a mere 66 pages. That is the tune that France is marching to. The tune of 27 unelected and unaccountable satraps in the Berlaymont who have given up the job of governing people, it's too difficult, and decided instead to govern electronic identities.

The advocates of biometric ID always say that the cards are intended to make your life easier. With a biometric ID card, it will be easier to get a passport or to open a bank account or to move jobs, they say. But we can already get a passport and open a bank account and move jobs without a biometric ID card.

What the advocates of biometric ID cards mean is that, once we have OSCIE, life without a card will be impossible. The card will be required for every transaction, every communication, every state benefit, including healthcare and education. No card, no life. Life's optional and so the card is optional. The logic is impeccable.

That's where the project is coming from. And where's it going?

As it happens, there is a country that has been issuing multi-biometric ID cards since the year 2000. 120 million of them have been issued by NADRA, the National Database and Registration Authority. With their multi-biometric ID cards, 120 million people can now enjoy the pleasures of ePassports, electronic access control and attendance records at work, electronic driving licences, eCommerce, eVoting and many more.

And which is this country?

Pakistan.

The French parliament have fallen in with the European Commission plan to make France just that little bit more like Pakistan.

Why? What reason can the French government possibly give to explain this desire to become more like Pakistan?

They can hardly say that it's because they find governing people too difficult. Even if it's true. Nor can they get the population on-side by arguing that they are putty in the hands of the Commission, the Commission can mould them into any shape they please, France has to do what the Commission tells them to do. Even if it's true.

Instead, the French government deploys the identity theft gambit. In his 13 July 2011 speech, Serge Blisko (politely) pours scorn on this move:

Ficher potentiellement 45 à 50 millions de personnes – cette estimation a été avalisée par tous les interlocuteurs auditionnés en commission – dans le seul objectif de lutter contre l’usurpation d’identité qui touche quelques dizaines de milliers de Français par an, peut-il être considéré comme proportionné?

A moment's thought reveals that you don't fingerprint 50 million people just to try to reduce the incidence of identity theft which affects maybe 10,000 people, i.e. 0.02% of the people. It's not proportional.

Two moments' thought suggests that the incidence of identity theft is more likely to rise if you collect everyone's enrolments together in a national population register – if you create a single point of weakness, identity theft won't go down, it will go up.

And three moments' thought reveals that under the French scheme identity theft will become legally impossible anyway, not because cardholders won't be defrauded but because when they are, thanks to digital signatures, they'll be irrevocably liable for the loss themselves.

So identity theft can't be the reason. Not the real reason.

The acceptable reason for biometric ID cards according to the government is given in another part of M. Blisko's speech:

Il est vrai que la lutte contre l’usurpation d’identité est un enjeu industriel et commercial important pour la France puisque les entreprises dont nous avons auditionné les dirigeants sont championnes du monde dans ce domaine et qu’elles travaillent à 90 % à l’exportation.

France has plastic card manufacturers and chip manufacturers and biometric technology suppliers who are "world champions" and who contribute mightily, it is said, towards the country's exports. If the French people themselves will only agree to become walking advertisements for these industries, then exports will be assisted. It is every patriotic Frenchman's duty, according to this way of thinking, to become a human billboard in the marketing campaign of a few illegally subsidised companies. (No point complaining to the Competition Commissionner, of course, about that "unlawful state aid". It is the Commission's bidding that France is doing.)

Normally, advertisers pay for space. In this case, the tables are turned, and the mobile advertising space is paying the campaigners. The national biometric ID card scheme will cost billions of Euros. Those billions will not come out of thin air. They will be paid from the tax contributions of every French citizen and company.

It has a sort of Mephistophelean logic. It might work in some countries. But not France. Not in a nation with 246 different cheeses (© 1962 C. de Gaulle).

The French parliament wants to comply with the European Commission by making France more like Pakistan

more ►