1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

PA Consulting

Collapse
X
51 to 60 of 132 Previous 1 3 4 5 6 7 8 9 14 template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
51 to 60 of 132 Previous 1 3 4 5 6 7 8 9 14 template Next
    #51
    Originally posted by Incognito View Post
    Biometric data. Once on the database, you can't say you're someone else. Gone are the cases of people claiming benefits under 15 aliases and terrorists having 3 or 4 different passports.
    And where is this biometric data going to come from? What is the source that will be used to put it on the ID card to begin with? How will it be verified as being "mine"? What do I have to do to prove I am who I am in order to get thet biometric data accepted?


    You are missing the point here. The flaw isnt that the cards can be forged. The flaw is that you dont need to forge one to being with.

    If I turn up with a fake birth certificate, passport or other forms of ID. Fill in the form to get an ID card and submit my biometric data to be entered on the database against that false ID I get a valid, genuine ID card with valid biometric data on it that matches me as the card carrier but with completely false information as to who I really am.
    Last edited by DaveB; 27 August 2008, 11:28.
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

    Comment

      #52
      Originally posted by Bob Dalek View Post
      I am a DBA. If I were a naughty type, I could sell the DB to anyone/tinker with it for anyone, unless it was encrypted - and even if encrypted I bet I'd be one of the few (dozens, in reality) who had the encryption key, and there'd be loads of copies on USB keys, Post-Its, etc. In no time, the encyprtion key's worth nowt.

      Safe data? No such thing because humans are involved.
      Exactly, HUMAN error. Just like all the recent data losses that have occured have been down to HUMAN error. It is not down to flaws of the technology or ideal behind it. I have expressed all along that is your attack vector. And what you'll find is that the ID scheme will most probably require DV clearance to get anywhere near it.

      If the system can detect that my biometric data appears more then once, then you have something. But since there will be tolerances in taking Iris, fingerprint and other metrics, chances are the system will be happy for me to have 5 ID cards, all with different names and addresses but broadly similar biometric values.
      I would suspect that if you had more than 1 biometric value flagging within tolerance ranges then someone would most probably take a look at it. Similar Iris patterns yes, similar Iris patterns and fingerprint swirls, erm no.

      We haven't been able to introduce this yet as all data that is imported to the system for passports and driving licences are non-persistent values. Biometric information will change that.
      "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

      On them! On them! They fail!

      Comment

        #53
        Originally posted by Incognito View Post
        Exactly, HUMAN error. Just like all the recent data losses that have occured have been down to HUMAN error. It is not down to flaws of the technology or ideal behind it. I have expressed all along that is your attack vector. And what you'll find is that the ID scheme will most probably require DV clearance to get anywhere near it.



        I would suspect that if you had more than 1 biometric value flagging within tolerance ranges then someone would most probably take a look at it. Similar Iris patterns yes, similar Iris patterns and fingerprint swirls, erm no.

        We haven't been able to introduce this yet as all data that is imported to the system for passports and driving licences are non-persistent values. Biometric information will change that.
        Will every policemen have portable means of comparing the biometrics of the person in the street with what is on the card/database?

        No, so when challenged, holding an ID will be taken as read that the person is legit.

        The whole system is full of holes, and is unworkable.

        Comment

          #54
          Originally posted by DaveB View Post
          And where is this biometric data going to come from? What is the source that will be used to put it on the ID card to begin with? How will it be verified as being "mine"? What do I have to do to prove I am who I am in order to get thet biometric data accepted?

          If I turn up with a fake birth certificate, passport or other forms of ID. Fill in the form to get an ID card and submit my biometric data to be entered on the database against that false ID I get a card with valid biometric data on it that matches me as the card carrier but with completely false infomration as to who I really am.
          I don't know the answer to that, however it will only enter you on the system once, so who cares if you are or are not Joe Bloggs. The system has labelled you as Joe Bloggs. You will only be able to use the label from then on. When claiming benefits, hospital appointments, Immigration reasons, etc. However if you are a wrong 'un and the Police pull you I'm sure if you've been a wrong 'un for a while then I think it shouldn't be too long for the police to realise that Joe Bloggs isn't quite who he says he is and you will have to tell them you're Joe Bloggs as that's the only ID card you have.
          "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

          On them! On them! They fail!

          Comment

            #55
            Originally posted by Incognito View Post
            I don't know the answer to that, however it will only enter you on the system once, so who cares if you are or are not Joe Bloggs. The system has labelled you as Joe Bloggs. You will only be able to use the label from then on. When claiming benefits, hospital appointments, Immigration reasons, etc. However if you are a wrong 'un and the Police pull you I'm sure if you've been a wrong 'un for a while then I think it shouldn't be too long for the police to realise that Joe Bloggs isn't quite who he says he is and you will have to tell them you're Joe Bloggs as that's the only ID card you have.
            It's not going to work if I have no eyes and cut all my fingers off is it?

            Comment

              #56
              Originally posted by DimPrawn View Post
              Will every policemen have portable means of comparing the biometrics of the person in the street with what is on the card/database?

              No, so when challenged, holding an ID will be taken as read that the person is legit.

              The whole system is full of holes, and is unworkable.
              How do you know they won't? It's only a card reader and a datalink needed. What do you think ANPR does? That's not magic you know.

              They might not even do that, they might just give it a cursory inspection and only do a confirmation back at the station if they have to take you in. At the moment the police only require you to produce documents within seven days if they stop you at the roadside. They can check against the dvla database at the roadside. What's to stop them doing similar with ID cards?
              "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

              On them! On them! They fail!

              Comment

                #57
                Originally posted by DimPrawn View Post
                It's not going to work if I have no eyes and cut all my fingers off is it?


                True, you have defeated the system sir. Our country is at your disposal.
                "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

                On them! On them! They fail!

                Comment

                  #58
                  Originally posted by Incognito View Post
                  How do you know they won't? It's only a card reader and a datalink needed. What do you think ANPR does? That's not magic you know.

                  They might not even do that, they might just give it a cursory inspection and only do a confirmation back at the station if they have to take you in. At the moment the police only require you to produce documents within seven days if they stop you at the roadside. They can check against the dvla database at the roadside. What's to stop them doing similar with ID cards?
                  You're missing the point (again).

                  I might hold a card that does not contain my biometrics. Unless the coppers measure my biometrics in the street, my card will checkout and I will walk on by.

                  Full of holes.

                  Comment

                    #59
                    Originally posted by Incognito View Post
                    How do you know they won't? It's only a card reader and a datalink needed. What do you think ANPR does? That's not magic you know.
                    How big will the backpack be for the iris scanner? Or does it just clip onto their utility belt batman style.

                    Comment

                      #60
                      Originally posted by DimPrawn View Post
                      You're missing the point (again).

                      I might hold a card that does not contain my biometrics. Unless the coppers measure my biometrics in the street, my card will checkout and I will walk on by.

                      Full of holes.
                      No, the copper will have your ID number and whatever information you have provided. That will then be checked against the database and confirm that ID number does match up against Joe Blogss of such and such address who is 5 foot 10, male, white, blue eyes, etc.

                      That's all a policeman needs to do. At present a policeman does not take you down to the police station if you've been caught speeding until you prove your identity. There will be no need to in the future. There is a presumption for innocence before guilt in our country.

                      However, if you get in a fight in the pub and hit someone with a bottle and go down the police station, I'm sure the police will be able to query the National Identity Register against your DNA/fingerprints to make sure you really are Joe Bloggs of such and such.
                      "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

                      On them! On them! They fail!

                      Comment

                      Reply to Thread
                      51 to 60 of 132 Previous 1 3 4 5 6 7 8 9 14 template Next

                      Advertisers

                      1. Contracting
                        1. General
                          1. Brexit
                        2. Business / Contracts
                          1. Coronavirus Assistance
                        3. Accounting / Legal
                          1. Umbrella Companies
                          2. HMRC Scheme Enquiries
                          3. The Future of Contracting
                          4. IR35 Reform
                        4. Technical
                        5. Welcome / FAQs
                      2. Social
                        1. Light Relief
                        2. Social / Events
                      Working...
                      X