Encompassing the Whole World Front Page /// Categories /// Site Index

Identity Cards

What fundamentaly is an identity card?

At it's most basic, it is a proof of Identity which is usefull to have, and more trouble than it is worth to copy.

There are some fairly major problems associated with the implimentation of id cards, including sloppy definitions and the mismatch in expectations this causes.

The first problem is needing them at all. In almost all cases you find this is because the central authority issuing them doesn't really trust the people they are giving them to.

Obvious examples of this include the East German Secret Police, and the Nazi's leading up to and during world war 2.

Once you have a central registry of people (with or without id cards) you have a nearly irresistable temptation for the police and the security forces to "go fishing" in it to find suspicious people, which can only be controled by building in a system to monitor who accesses the information, when and where from. The National Criminal Intelligence Service database in the UK works this way.

It also creates a Honeypot of really nice data for people to want for nefarious purposes. The obvious example of this is the credit card databases held by the banks which get a unhidable compromise every few years.

Another honeypot database is the central NHS database which you can not easily opt out off. see The Big Opt Out for information on how to stay off the NHS system, or phone 01494 882458

Then you have the security distinction between soft and hard id cards, which is usually glossed over, and if they are used in a soft or a hard way which is usually ignored.

The usual example of a soft id card used for soft purposes is your movie rental card. This is usually cheap to produce, and only valued by you and the video shop, and the most anyone can gain from stealing it is the ability to steal a couple of movies, but they have a good chance of getting caught.

An example of a soft card being used for hard security is your credit card (not counting Chip and Pin which actively compromises the security). These are more expensive to produce, and harder to copy, but still cheap (perhaps tens of pence), with a vulnerability of only hundreds to a few thousand pounds, protected to some extent by the credit limit.

Because of the ease of copying, they are worthless as a Gold Standard system of identity proof, and even in world war 2, soft id cards were routinely copied and forged by the security services on all sides.

Hard id cards are designed from scratch to be as unforgable and uncopiable as possible for an affordable price, and are thus very expensive.

Some of the fancier ones include Biometric Sensors to aid in proving that you are you, but there have been cases of body parts being removed to fool the sensors (which didn't bother to check the body part was still attached to a living person).

Examples of hard id cards being used for soft security are passports and driving licenses. The only time they are usually checked is when there is good reason to believe that they have been compromised in some way, because it is not only expensive, but requires highly trained people to spot the fakes.

These are usually as cheap as possible, but fundamentally cost many pounds instead of a few pence, and are routinely copied and faked by various organisations for nefarious uses, everything from id theft to illegal immigration and hiding the identity of terrorists and spies.

These can be useful as a silver standard proof if identity for opening bank accounts, or having people bring in the vehicle and driver documents seven days after being stopped for a motoring offence, but are only checked in exceptional circumstances, and because of the cost, not everybody has them and thus they cannot be used as a magic bullet for finding crooks, terrorists and other bad guys.

Hard id cards used for hard security are always expensive, with some of the best costing hundreds of pounds and containing biometric identity systems and are usually used in access control systems. Because of the cost, you only issue them to those who must have them, and only usually secure those areas which must be covered by such a system. They usually must be carried with you at all times, and are still used in combination with other forms identity control like pin numbers, and if you don't have them, you don't get access.

As they are compulsory to carry at all times, you can use them as a gold standard for identity purposes if you are prepared to buy the necessary equipment so that they are checked every time you need to use them, but the equipment to verify them is usually almost the same as that needed to program them with the information in the first place, which is usually very expensive.

Because of the costs involved, there has never been a sucessfull mass rollout of the technology, and considering the problems with the ongoing Chip and Pin fiasco, you can imagine the extra problems if you try and equip every police car with the technology, let alone every shop, and the current plans in the uk only call for a few regional offices to record your details because of the price, so even the police stations will not have the equipment, so you will not be detected as a fraud until you go to jail or perhaps even later.

As such, the claims to do anything about id theft and terrorism can only work with compulsion to carry the cards, which are expensive, with expensive equipment in every police car and preferably every shop so that the identity is checked regularly, and detailed policies to cope with damaged and lost cards.

And all this is before you consider that the computer system required to centrally run this system will be many times larger than any system sucessfully delivered to the uk government, and if rolled out on a european or america wide basis would be the biggest computer system on the planet, requiring an accuracy similar to that found in aircraft flight control computer systems.

A system of such size and reliability would dwarf any such system ever used anywhere on the planet, and it is questionable if such a system could be produced, and if it could if we could ever afford it.

An alternative system of Identity Proof based on "trust networks" could potentially provide most of the advantages to the user and business, while at the same time providing almost no potential for abuse by any government due to not requiring a central certifying authority because it is based on trusting trustworthy people (like the american notary public idea).

It also would give no central honey pot of valuable data, would need no fundamentally new technology, and would give no real advantage to anyone trying to steal your identity while magnifying the danger to identity thieves massively. It would also be cheap to add to any networked device like mobile phones, pdas and computers which already posses most of the technology to handle digitally signed email.