UK Gov't To Require ID Cards For Some Foreign Residents

craigavonite, writing "It's looking like the UK is in for biometric ID cards within the next few years, despite widespread protest from groups such as 'NO2ID,'" excerpts from an article at the BBC describing a UK identify card to be issued starting later this year: "The biometric card will be issued from November, initially to non-EU students and marriage visa holders. Home Secretary Jacqui Smith said the cards would allow people to 'easily and securely prove their identity.' Critics say the roll-out to some immigrants is a 'softening up' exercise for the introduction of identity cards for everyone."

Re:Big Fricken Whoop De Woo

[daem0n1x]

It's not exactly like that. The new biometric cards are safer than the old ones.

In my country we had paper ID cards with fingerprint printed on it. Now we have smard cards and the fingerprint is in a file inside chip, and it's not readable. So, it's actually improving privacy, not making it less.

The card can be used to perform a match-on-card (MOC) operation. You put your finger in a reader and it asks the card if it matches. This way you can validate if someone holding the card is REALLY the card owner. No central fingerprint storage involved.

Also the data inside the card are signed by RSA keys belonging to the government, so you can't create a fake copy of one.

The current paper ID cards are slowly being replaced by the new ones, which is good because forging an old one is very easy, I wouldn't say the same for the new ones.

Re:Big Fricken Whoop De Woo

[denominateur]

How exactly is the fingerprint not readable if it, rather than just a hash, is stored on the card?

As for the RSA keys, governments, especially the British, have a very bad track record at keeping data safe. Keys of such importance are a very good target for a social or even technical attack. Knowing the track record, however, they will probably end up on some laptop, usb stick or cd forgotten on a public bus or train, sparing the attacker the effort.

And as to the forging, it may be harder to do it, but once you've done it (and it has been shown that biometric passports deployed in the EU are unsafe right now and can be compromised quite easily http://www.guardian.co.uk/technology/2006/nov/17/news.homeaffairs [guardian.co.uk] ) it becomes very hard indeed to disprove that the person holding the passport is not actually the person referenced in the passport / on the ID card. The fingerprints match, the encrypted photograph matches, the RSA keys check out, perfect fraud.

The secondary concern

[Kupfernigk]

Is the "paedophile issue". It has been known for years that these people try to get jobs in children's homes, the police and Government departments to facilitate their crimes. The same thing will happen in the UK: professional fraudsters will try to get sleepers in the relevant areas. As "Government" IT is actually done by subcontractors who are not properly policed, this is relatively easy.

We already have a serious UK fraud problem originating in the Indian subcontinent - Mumbai was for many years the identity theft capital of the East, with fraud companies even keeping copies of real government forms going back many years, and annual ink samples, to facilitate document faking. Add these capabilities to those of our home grown criminals, and any identity card scheme actually becomes an identity theft facilitator, not an obstacle.

(And yes, I write from personal experience - I was involved in a UK case where an Indian physician from Mumbai produced forged documents. It was this experience that got me interested in identity theft and security, because he was using faked faxes, and the judge seemed unable to understand how easy this was to do.)

Re:Where to begin.

[Anonymous Coward]

the Conservatives look even more prone to SnakeOil salesman that the incumbent idiots.

To be fair, all the opposition parties (Conservatives [conservatives.com], Liberal Democrats [libdems.org.uk], SNP [snp.org]) oppose ID cards and say they would scrap them, if elected. Labour are trying to hurry things through before the next election, in the hope of getting far enough that it will be hard to turn back.

Minutiae Points

[mad_robot]

Fingerprints are stored in the form of Minutiae Points rather than scanned imaged.

But that doesn't mean they can't be reconstructed. [ieee.org]

Re:Big Fricken Whoop De Woo

[FailedTheTuringTest]

No. The term "British subject" is pretty much obsolete in law since 1983. (http://en.wikipedia.org/wiki/British_subject)

(There are a few small exceptions for some classes of people who used to be British subjects and are entitled to keep that status if they hold no citizenship of any country, but no-one can now become a subject, so once the people who still fall in this category are gone, there will be no more subjects.)

Re:another perspective

[jambox]

The problem with it is that presumably the #ID constitutes a key that a bunch of other data key on. That means that if I, perhaps a criminal, know your #ID and if I can get access (which may well be possible), I can look up every relevant bit of data the government holds on you.

It's not the card that freaks people out, it's the massive, unified and probably insecure database that it implies!

Re:So?

[CmdrGravy]

Don't the british carry their drivers license?

No, generally not.

How do you ID at pubs?

Huh ? No one's asked to ID in pubs unless they look like they're not tall enough to see over the bar. I've certainly never been asked since I was 16.

We're British and we are not in the habit of carrying papers or having to prove who we are to every tom dick or harry or jumped up offical we come across. The last time I think I had any need at all to prove my identity was when I got my driving licence 5 years ago and the time before that was probably when I opened a bank account 20 years ago.

Re:Where to begin.

[Nursie]

Singapore is already effectively a police state. That's how.

Re:Where to begin.

[aeiah]

i agree with most things you wrote, although i cant let the comment about local newspapers stand. our local paper is packed front to back with murders, robberies and rape thankyouverymuch. none of that celeb shit here, just fear and violence ;) what irritates me most about this ID card move is that they're trialing it with a group of people who cannot oppose it. they're forcing the most vulnerable to go through with it. dont want an ID card? get out of the country. once the ID cards are established in the non-european immigrant sector it'll be easier to push it on the next group. quite how they're gonna get around EU regulations on freedom of movement will be interesting though.