Saturday, March 08, 2008

That 'Crosby Report'

So Sir James Crosby, ex-head of HBOS and now quango-ing it up as Deputy Chairman of the FSA, has finally published the report into "Challenges and opportunities in identity assurance". He had been appointed by the monocular control freak in July 2006 to lead the "Public Private Forum on Identity Management", some four months after the detailed legislation for the National ID Card and National Identity Register was enacted. So, actually, it is pretty pointless.

In law, we already know what is going to be in the Register, we know how, if not exactly what, we are going to be forced to fund this statist atrocity? So why a detailed report now and why did it take 21 months to produce? I'm sure Sir James isn't saying.

But despite all the time it has taken to produce this, there are a number of problems.  Firstly, it doesn't describe the UK ID Card and Register.  Sir James is describing a system that is free (or, at least, cheap) - para 5.38, efficient - para 5.4, and allows for the inevitable failures - paras 4.7 & 5.37.  Most of all, it stores just the data necessary for the validation of ID - summary and paras 5.20 & 5.21.

He also makes a couple of mistakes - an over-reliance on the capabilities of biometrics in para 1.17 (although para 1.19 does show some, albeit insufficient, scepticism) and a general ignoring of the 'birthday attack', particularly in para 1.18.  Although he is technically correct, the approach in para 1.26 and Ch1, footnote 1 is unfortunate for its stress - it skirts the core issue that the assurance system will not have independent failure rates - they will rely on the same ID Card enrolment, issuance and validation system, for a start.

He doesn't mention terrorism - although 'national security' does get a couple of plugs, and 'border control' is mentioned.

Heathrow currently takes about 160,000 passengers per day.  If you have a 1 in a million false-identification rate (which causes you to be arrested) and a 1 in 250,000 system failure rate (which causes a significant delay or being denied boarding) and there are 20 known terrorists per year going through the airport, 68 people will be falsely arrested, system errors in 271 cases will cause significant delays and no terrorists will be caught.  Why?  Because the terrorists will have correctly (if illegally) issued ID cards for completely 'innocent' identities.

No comments:

HTTP Error 403: You are not authorised to access the file "\real_name_and_address.html" on this server.

(c) 'Surreptitious Evil' 2006 - 2017.