
* Posts by Harry Stottle

106 posts • joined Wednesday 2nd May 2007 15:03 GMT


Harry Stottle
Big Brother

Encryption - Stooge for the NSA?

Given the complete absence of any business case for the scale of this acquisition, I am minded to cynicism.

One of the earlier (Anon Coward) commenters on this story suggests they might want it for access to their encryption "or perhaps the NSA do".

That may not be that far-fetched. We know that the various security services have expressed concerns at their inability to eavesdrop Skype calls. Perhaps they figure if a friendly co-operative new owner can let them look under the hood...

Harry Stottle

Graham Hancock's been preaching this for years...

now go to http://www.grahamhancock.com/archive/underworld/ where you will find Graham Hancock's been promoting this idea since 2002 or earlier and has been trying to get archaeologists to look under the water. Major vindication of his ideas...

Harry Stottle

"We aren't set up to deal with encrypted messages"

that's what I was told.

No names, no pack drill as they say, but as part of one of my contracts, I was required (only this week in fact) to prepare a list of 400 names for CRB vetting in blocks of 50 in Excel spreadsheets. I pointed out that sending these as attachments to an email was like sending them on the back of a postcard and asked how we should encrypt them and pass them the key separately.

The answer was don't bother, just send the data. "We aren't set up to deal with encrypted messages". I'd say that IS a (fairly major) System Design flaw...

Harry Stottle

Facebook Members Have The Solution In Their Own Hands

If I were an active facebook member (which thank the lord I'm not sir) I would start a facebook campaign in which every member, at least once a day, pressed the panic button "accidentally" and flooded the CEOP twats with a manual DDoS, until they beg facebook to take the button off...

Harry Stottle

Are "distributed masters" the solution to DDOS?

Above my pay grade but the only potential solution I've contemplated in regard to DDOS is what I call "Grand P2P" where - say - a thousand google scale organisations (if there are that many - let's say organisations big enough to pay a $Million dollar sign up fee without whingeing) form a dedicated "distributed master net" which hosts (for example) the authentication keys we'd need to run a Trusted Surveillance system, or the black and whitelists we'd need to eliminate SPAM.

The idea being that not even the most widely distributed botnet could generate sufficient traffic to pull down such a GP2P network.

Does the GFS2 concept achieve similar protection or would there still be a single point of failure (eg the IP address or DNS) which would leave the system vulnerable to attack? (a GP2P system shouldn't have that vulnerability because it would have a thousand access points)

Can someone enlighten me?

Harry Stottle

I'm with hizzonner on this one...

I'm with the Judge on this one. But neither he nor the Reg seem to understand why the use of these weapons should be seriously restricted if not banned.

It's nothing to do with additional cruelty. The track record of the so called laser guided weapons delivered by manned aircraft is far worse than anything so far managed by the Hellfires.

The real issue is "reduced cost/risk" to the attacker and the problem which arises from that is that it makes it much easier for them to make a lethal decision. And that makes it far more likely that the weapons will be used in increasingly trivial or dubious circumstances.

The protection offered by manned flight is that, if we run the risk of losing a pilot, we'll take a lot more care in assessing whether the target really does need to be destroyed.

It's really in the same vein as I've hinted elsewhere. I'd like to get back to our "Leaders" taking the lead position into any future military conflicts. It's likely to make them much less likely to start their wars in the first place...

Harry Stottle

Class Action Anyone?

Seems to me that there's already enough support here for a class action by any of us who find our details are held by these jokers without our explicit permission. I'd happily cough a £100 quid. If a couple of hundred of us are prepared to club together we could legally club them into submission. ...and teach the other bastards (who prefer opt out to opt in) a useful lesson

Harry Stottle

Why is this man in Jail?

Yeah, I know everybody's having a good giggle, but, though his actions are rather amusing and being caught was humiliating, who, apart from himself, has been in the slightest bit harmed by his embarrassing actions?

Had he been doing this in the middle of a school playground, I might be somewhat more sympathetic to the punishment, but all we know from this story is that a neighbour reported "suspicious" behaviour. I doubt if the neighbour felt threatened by the behaviour and once the local forces of internal repression had checked the man out and found him not to be a physical threat, they should have told him to conduct his sexual games indoors and moved on to more important matters.

This is the kind of Police State behaviour which is almost more threatening than the more obvious Tasing and bully boy tactics we encounter more often. Why more threatening? Because nobody bats an eyelid. It's just accepted that a prison sentence for this aberrant but harmless behaviour is perfectly acceptable. Well it isn't.

Harry Stottle

Ambitious but every journey begins with a single step...

Very ambitious claims being made for this project. It will fail. But version 15 or 16 should be pretty good and by the time we get to v 20, we genuinely will not be able to distinguish between real and virtual; not without contextual clues at least...

Why's this version going to fail? Primarily because it's an external device. V 15 (or thereabouts) will be internal. But also if the developers agree with this report that "sight is easy" then they don't yet understand the problem. Why d'you think VR helmets haven't already taken off? Because anyone using them for more than about 20 minutes tends to throw up or get a massive headache. Why? Because sight aint easy at all. The problem is that they insist on presenting prefocussed images to each eye at about 3 inches.

The brain's "accommodation" algorithm knows it's focussed on an image 3 inches away, but the data in the image only makes sense to the brain if the objects are several feet away (or more). This produces real cognitive dissonance and the nasty side effects.

Solving that problem aint easy; it requires abandoning prefocussed images and somehow presenting the eye with exactly the same data it would get in real life, forcing the eye to focus naturally instead of too short. There's a fortune waiting for whoever cracks that little conundrum...

Harry Stottle

The Military's Complaints are Entirely Justified!

Classic instance of how Privacy is intimately connected with Security.

Publishing hi res aerial reconnaissance images of buildings makes them much easier to attack. But why has it not occurred to anyone else that this same risk applies to the private homeowner?

Particularly if you include "street view", the potential burglar and other attackers can now "case the joint" without even taking the nominal risk of being seen on the street in the days leading up to the attack. Sauce, goose, ganders etc...

Harry Stottle

Where do they claim it is "Secure?"

Can someone point me to a formal statement by the government (and/or its contractors) to the effect that this will be a secure database?

I ask because - if such a statement exists - I would argue that we have the basis for a legal suit of criminal negligence and/or fraud (depending who is making the statement) and I for one would be happy to donate a hundred quid to a class action to sue the arse off the bastards.

Harry Stottle

Once we get past about 50 having access, the actual number no longer matters

Anyone doing serious security needs to factor in a 1% risk PER PERSON of security breach by "professional trained security aware" staff in any given year. Thus with 100 properly trained staff you are typically going to get one breach a year.

With 1000 having access, you'll get 10 a year and so on.

With 330,000 we can guarantee approximately 10 a day and that's if they're "professional trained security aware" staff. At a million we're up to 30 breaches a day.

In fact though, probably less than 1000 of that million will be "professional trained security aware" staff, so it is reasonable to scale up the breach rate by a factor of 5 to 10.

So it really doesn't matter. Once you give more than about 50 "professional trained security aware" staff access, regular breaches are inevitable. Under no circumstances can such a database be described as secure...

Harry Stottle

Thought Crime

I find this kind of prosecution deeply disturbing.

MUCH More disturbing than the distorted views the victim is apparently guilty of holding. Do I care that people still deny the Nazi guilt for the holocaust? Of course (my own family lost over 60 members to the Nazis) but these baseless beliefs do no more harm (on their own) than, for example, the conviction held by Creationists that the Theory of Evolution is a conspiracy to destroy religion. Are we going to start locking them up too? If so it's a shame we didn't make that decision before the Americans elected one...

Harry Stottle

Could have been much worse...

It might have been called Project Saruman...

Harry Stottle

This is NOT a Binary Decision!

This is one of those instances where everybody makes the same mistake. They fall into the binary trap. EITHER freedom of the press, OR decent privacy laws. Here's a possible solution. Bring a Jury into the picture. (this is an example of the kind of thing I'm talking about here: http://stottle.blogspot.com/2006/02/shortcut-to-democracy.html)

viz: Any time a paper is about to publish a story which contains a potential breach of privacy, it submits the story to a standing jury established for that purpose alone. It can even be a jury of its own readers, providing they can be shown to represent a reasonable cross section of the community. In practice this would be an online "advisory panel" whose job is to answer the single question, "Does the public interest in this case outweigh the private interest?" Their decision would be considered advisory only (leaving the editorial decision firmly in the hands of the publisher, where it belongs). BUT:

In any subsequent court case, the defendant would be able to use the Jury's endorsement as mitigation and, should the plaintiff win, the penalties would take into account the involvement of a jury and its decision.

For example, if a Jury has pronounced in favour of publication, the penalty would be minimised. If the Jury had advised against publication, the penalty would be maximised. If the Jury hadn't even been consulted, the penalty would be maximised, then doubled.

This would allow Juries to protect the public interest and, where reasonable, the private interests of individuals. It would encourage the media to take responsible, rather than merely commercial decisions.

Harry Stottle

Tried it

doesn't work in Sandboxie. Binned it...

Harry Stottle

I too use Sandboxie

And I have had about 2 dozen of my users and clients using it without major incident for about 3 months. What I particularly like about it is the configurability (like being able to give access rights selectively to trusted programs) and the option to run ANY program inside the sandbox - which means you can test for nasty side effects before it screws up your system.

Only last night, ferinstance, I used it to test what RealPlayer 11 wanted to install on my system before I let it do so for real. (Answer: 1217 files in about 100 new locations, most of which were utterly unnecessary)

Harry Stottle

Doubling a small risk is not very risky

and the question they haven't answered (as usual) is "what is the absolute mortality rate?" It may well be that the risk of cancer has doubled but that others have reduced, leading to no overall change in mortality, or even, (as now hinted by several strands of cannabis research) a small overall benefit...

Harry Stottle

@Dunstan Vavasour

Well said sir.

A number of comments have focussed on introducing/increasing "criminal" penalties for data loss. This would be neither effective nor realistic. Furthermore it does no more than reinforce the ill-IT-irate approach of the Government's existing incompetent attempts at Security Theatre. They THINK you can impose security with rules constraining humans. Wrong.

As Dunstan puts it:

"As far as I'm concerned, the problem isn't that the data was put onto a USB stick, it is that the data *could* be put onto a USB stick."

The reason The Law cannot possibly help is that it is quite impossible to create a "proportionate" penalty. Why not? Because the point of penalties is to act as a deterrent and whether a penalty is a deterrent depends on the value of the data to the attacker - which is not something under our control.

Yes, we might deter casual theft or incompetence with a fine of a few thousand quid, or a prison sentence. But if the purpose of the theft is serious enough (obvious example terrorism) then no penalty is going to have the required deterrent effect and it's THAT kind of attack we should be most concerned about. And the ONLY protection against that kind of attack is to make it physically impossible for attackers to get at the data. Dunstan again:

"We come back to the basic shortfall: legitimate users shouldn't have access to the data, they should have a view of the data."

And, in cases like the present example, they shouldn't even have a view of the "real" data. For the purposes of research, there is no obvious reason why they cannot have an anonymised view of the data, where any sensitive identifiers have been replaced with pseudo-data.
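A sketch of the anonymised research view described above, as an added example that is not part of the original comment. The column names, the policy table and the sample records are hypothetical and constructed for illustration.

```python
"""Pseudonymised research view (added example; all names are hypothetical)."""
import hashlib
import hmac
import secrets

# Allow-list: how each column may appear in the research view.
# Any column not listed here (name, address, ...) is dropped: fail closed.
POLICY = {
    "person_id": "pseudonymise",   # stable token so rows can still be linked
    "date_of_birth": "year_only",  # generalise a quasi-identifier
    "postcode": "outward_only",    # "SW1A 1AA" -> "SW1A"
    "outcome": "keep",             # the attribute the research actually needs
}


def pseudonym(key: bytes, column: str, value: str) -> str:
    """Keyed token (HMAC-SHA256). Without the key, tokens cannot be
    recomputed by hashing a list of guessed identifiers."""
    msg = column.encode() + b"\x00" + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def transform(key: bytes, column: str, value: str) -> str:
    """Apply the policy rule for one column value."""
    rule = POLICY[column]
    if rule == "keep":
        return value
    if rule == "pseudonymise":
        return pseudonym(key, column, value)
    if rule == "year_only":
        return value[:4]  # assumes ISO dates, YYYY-MM-DD
    if rule == "outward_only":
        # The inward part of a UK postcode is always its last 3 characters.
        return value.replace(" ", "").upper()[:-3]
    raise ValueError(f"unknown rule {rule!r} for column {column!r}")


def research_view(records, key: bytes):
    """Return the rows researchers see: only allow-listed columns,
    each passed through its policy rule."""
    return [
        {col: transform(key, col, val) for col, val in row.items() if col in POLICY}
        for row in records
    ]


# Constructed sample data, not real records.
RECORDS = [
    {"person_id": "P-0001", "name": "Alice Example", "address": "1 Sample Street",
     "date_of_birth": "1971-03-09", "postcode": "SW1A 1AA", "outcome": "A"},
    {"person_id": "P-0002", "name": "Bob Example", "address": "2 Sample Street",
     "date_of_birth": "1985-11-30", "postcode": "M1 1AE", "outcome": "B"},
    {"person_id": "P-0001", "name": "Alice Example", "address": "1 Sample Street",
     "date_of_birth": "1971-03-09", "postcode": "sw1a1aa", "outcome": "C"},
]

if __name__ == "__main__":
    # The key stays with the data owner and never travels with the view.
    view_key = secrets.token_bytes(32)
    for row in research_view(RECORDS, view_key):
        print(row)
```

Generalised columns such as birth year and outward postcode can still narrow down individuals in small populations, so the policy table needs reviewing against the size of the dataset being released.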

Harry Stottle

What Pisses Me Off Most About Paedophiles

...is that they give the Police State the one plausible argument they need for "Total Surveillance". Even Terrorism doesn't attract as much support for its countermeasures as does Paedophilia. Hence, if we want to keep the State out of our lives, we're going to have to figure out for ourselves what we do to prevent Paedophiles abusing this medium (the web). And then, do it.

Suggestions?

Harry Stottle

@ How About The Reverse

it exists, but I've just wasted half an hour of my all too precious time looking for it and I can't find it. Somewhere out there, though, is a web page where EMPLOYEES can rate their employers in order to pre-inform potential job applicants.

What the Trade Unions should do, in response to this nonsense, is formalise that approach and create a national - or even international - database of bad employers with verifiable examples of their practices...

Harry Stottle

Add Sandboxie to your protection suite

www.sandboxie.com

been using it for about a month now on a dozen or so web active machines. Seems pretty fault-free, stable and lets me sleep better at nights knowing that it no longer matters what "infects" my users' machines because it all disappears when they close their browsers. 'course, I can't do anything to stop them handing over sensitive data to phishing sites but that's a horse of a different feather...

Harry Stottle

Back to Basics...

I've long argued that kids shouldn't be allowed to use calculators in school until they've demonstrated a reasonable grasp of mental arithmetic. Why? Because if you perform the calculations mentally - at least to an approximation - then you have some idea of whether what the machine is telling you is likely to be correct.

The same obviously applies to idiots with Satnavs. They shouldn't be allowed near them until they've demonstrated at least rudimentary map reading skills so they've got a chance of spotting the fact that the machine is leading them astray...

Harry Stottle

Headline Ironic Right?

I can't be the only one who spotted "Suprise"?

More seriously, the case for allowing such "flexibility" is made by Sean Groarke's sample above: "There books - there there."

How would you cope with that sentence if spoken rather than written? Answer "context"; and it's not wildly unreasonable to apply the same logic to the written word. But that only applies to that kind of example - where we're dealing not so much with mis-spelling as with wrong choice of words which sound identical.

Permitting things like "wierd" instead of "weird", however, just muddies the water and ultimately slows down communication.

Harry Stottle

Property Is Theft

Interesting. And how did they acquire their "assets" in the first place?

After this, we want to see the Native Americans suing the American State for the theft of their land and genocide from the late 16th century through to the early 20th...

Harry Stottle

@Emilio González - Well Said sir

the deep point that the vast majority of the population seem to be completely blind to is that breaches of Privacy can lead to very serious breaches of Security.

Harry Stottle

"Hard Working Families"

is the phrase that makes me projectile vomit at the screen so, inspired by your example, I googled

"government OR opposition AND "hard working families" AND Labour"

(the "AND Labour" excluded the foreign contributors without excluding the British Tories who nearly always use the phrase in close proximity to an attack on Labour)

...which "brought up" (hmmm... know the feeling) 46,300 examples including this beauty from wikipedia:

http://en.wikipedia.org/wiki/Hardworking_families

These words and phrases belong to a class of "button pushing" cliches which politicians believe puts them in contact with Joe Public. Every country probably has its own. America has dozens. IF they work as politicians obviously believe they do, then this suggests that We The People are every bit as stupid as they think we are. Not good news for those of us who aspire to Democracy

Harry Stottle

The Divine Right of Kings

"Sovereign immunity basically states that the United States is immune from lawsuits, except in areas where it has given its consent to be sued"

"Sovereign Immunity" is the last vestige of the "Divine Right Of Kings". It's about as corrupt as a political system can get. It's not unique to the Police State of America, of course. They inherited it from the UK and decided it was such a good idea, they would keep it.

As the author points out, there might be legitimate security reasons for the State to need to bypass normal copyright and other legal protections. In this particular case they might even have an arguable case on other grounds. But there is NEVER a legitimate reason why they should not have to at least justify such exceptions to We The People in the form of a duly constituted Jury (if necessary, in secret session)

It continues to amaze (and depress) me that State Bullying like this can be public knowledge and not start riots...

Harry Stottle

Do we get to choose?

which rich people get flung?

I have a list...

Harry Stottle

I'm surprised nobody's mentioned the USAPATRIOT act

because, with the power the Police State has given itself to crawl all over citizens' bank accounts, credit card histories, library loans etc, etc, consumers should be resigned to the fact that no amount of webside security is ever going to protect them from the Organized Criminals who run their country

Harry Stottle

The Difference between Surveillance and Tracking

is the difference between reasonable Law and Order and Totalitarian control.

Punters get upset when they read about talking CCTV in Middlesbrough, but they're actually an appropriate use of the technology. They let people know, in a public place, that their actions are visible and that, if they commit antisocial behaviour, those actions have been recorded. They then have the option of ceasing to behave antisocially or face the consequences. Crucially, the surveillance has no way of identifying the watched and - unless they move from talking to listening, they present only a minimal breach of privacy. In addition, it actually prevents trivial crimes and petty nuisance and, as such, is largely welcomed by the natives.

ANPR is a whole different kettle of fish. With that, anyone with access to the data (and that, currently, is probably a few thousand people) can't just watch what's happening in a given area but can identify who they are watching. Not only that, they can ask questions of the data like "Where was that car an hour ago?" (or "last Thursday" etc) and so on.

One of the advantages to an attacker of knowing where you are is that they also immediately know where you aren't. So if, for example, the attacker wants access to your home for reasons of theft (of goods or data) or to plant close surveillance devices, then knowing that you're out and about is a pretty serious advantage.

Permitting the State to monitor its citizens to this extent is the most dangerous and ignorant mistake the citizenry can make. Even if the current incompetent incumbents are not inclined to abuse such powers to the extent of the nightmare totalitarians we frighten small children with, merely allowing such an infrastructure to be built massively increases the chances that such a regime will arise and find a warm welcoming environment ready made to accommodate and empower it.

The question is - how do we make our ignorant fellow citizens aware of the potential dangers and, in particular, the crucial difference between anonymous watching and targeted tracking.

Clearly the government strategy at the moment is to bombard us with more and more cases for targeted tracking, which will, coincidentally, make it all the more necessary for us to be able to prove our identity with their trackable ID Cards.

If you're interested in exploring the alternatives to their draconian proposals, please pop along to http://www.fullmoon.nu/book/side_issues/IdentityCards.htm

Harry Stottle

The Connection with ID Cards

is twofold.

First, as some have pointed out, the information they need in order to carry out a CRB includes most of the data they want to put on their National Identity Database (excluding - thus far - biometrics)

But second and more insidious, it is a trial run of the process of introduction of the "voluntary" cards. As the article spells out in painful detail, the very existence of CRB checks is forcing more and more people to use it in order to stay in the marketplace. That is precisely how they will force everyone to use their ID Cards.

What they're learning here is just how much resistance they can expect to such tactics. The answer seems to be "not much"...

Harry Stottle

Zone Alarm update is now available

http://download.zonealarm.com/bin/free/1043_zl/zapSetup_70_483_000_en.exe

and I've installed it (and then the Windoze update) on 7 machines so far and it works

Harry Stottle

I love the Childish Naivete

of declaring the likes of the BBC as "impartial".

Don't get me wrong. I'm a big fan. Their standards are high and without doubt, vastly superior to the alternatives, particularly in the fields of news, documentary and discussion programs. They are one of the few areas where Britain still genuinely punches above its weight. But impartial they aint.

They may occasionally appear to indulge in conflict with the sitting government. But you will never find them challenging the establishment because, of course, they're an important part of it.

Harry Stottle

They're not even close...

I don't know whether it's bad reporting or genuine stupidity on the part of the researchers. Whichever, they are nowhere near their goal of matching human cognition and will not be, even if they have created a machine capable of passing the Turing test. Why not? Because they don't appear to understand the difference between emulation and simulation.

A good example is provided by my latest experience with voice recognition software. Although it is clearly a thousand times better than it was 10 years ago, and is now capable (in conjunction with macro express, turbonotes and a few other similar apps) of making my computer carry out simple plain English instructions (simulating simple human behaviour) it can only do so at the expense of total domination of the processing power of the system - making it essentially unusable because I want to do many other things with my machine at the same time.

The reason for its failure is that, in order to be able to do the - admittedly impressive - things it can do, it has to spend the whole time listening to what's going on in the world in order to make an intelligent decision "Should I be reacting to that noise?". If human brains worked that way we'd be stuffed. Instead we have superb "attention grabbers" which monitor the environment in background and only bring it to your conscious attention when it thinks it will matter to you. In order to "emulate" human cognition, computers have got to start processing data about the environment like that.

That's a software problem, not hardware and until they address that issue, the machines they create might be able to perform intelligent tricks and even simulate human brains, but they will remain completely alien to human thought processes until they can emulate the way we process data...

Harry Stottle

Developing Autonomous Killing Machines

Should be established as a War Crime.

This is an example of the sort of thing we shouldn't allow governments (or their subcontractors) to do. The fact that we have to kill people from time to time is a regrettable necessity in the real world. Automating the process should be considered a war crime. There must ALWAYS be a human in the loop, making the final decision to pull the trigger. All other roads lead to "Terminator" technology.

Harry Stottle

Bring them on! Let Battle Commence

Excellent Article.

Strangely, I'm not particularly worried about this even though, as Lord McIntosh puts it in a previous related reg story: (http://www.theregister.co.uk/2008/04/25/justice_bill_extreme_pron/)

"What does it matter to the Government whether what we have in our homes for our own purposes is for sexual arousal or not? What is wrong with sexual arousal anyway? That is not a matter for Parliament or government to be concerned about."

The reason for my apparent complacency is that the British Juror has an excellent track record in this field. That's how we struck down the censorship in the 60's (They tried to prosecute book sellers for "Lady Chatterley's Lover" and the Jury said fuck off) and will no doubt do so again, when the first of these cases gets to court. Of course, I am annoyed by the totalitarian "thought crime" aspects of their attempt, but that has the useful benefit of illustrating just how incompetent and dangerous the bastards are and makes it easier for me to push my main message.

http://www.fullmoon.nu/book/chap.php?id=c07_2

Harry Stottle

Defeatist Bollocks

The answer is not to watch each other - that's the corrupt system we have now; the infrastructure for the totalitarian wet dream.

The answer (as I've been arguing for almost as long as Brin) is to watch ourselves.

http://www.fullmoon.nu/book/side_issues/IdentityCards.htm

Harry Stottle

This is a major aspect of Trusted Surveillance

How do we watch the watchers? Amongst other things, we put cameras on them and audit the footage. This is precisely the kind of thing we are arguing for here:

http://snipurl.com/27w2q

Harry Stottle

The only point Missing from this excellent summary

is the rather important observation that the authoritarian practices Tim correctly describes are merely following in the well trodden footsteps of the Police State of America.

In the opening to my chapter on the Drug War I make the following points, which I think Tim's description fully vindicates:

There are two forms of Cannabis Psychosis. The first is a treatable clinical condition which affects about 3% of the young (largely) male users of the drug who tend to overindulge in their teenage years. Those most at risk are those who have a genetic predisposition to psychosis, particularly if they have inherited two copies of a specific genetic variation. Fortunately, in most cases, if they stop consuming, the symptoms clear up without further treatment.

The second form causes far more long term damage. It is an untreatable social condition which affects about 25% of those who have never consumed Cannabis. It is a deeply rooted sub-clinical phobia usually triggered by a religiously inspired fear of the liberating effects - in other people - of intoxication. This is often combined with a monomaniacal desire to control the behaviour of other people. The net result is a dangerous form of anti-social behaviour which has produced a form of low level warfare within society between those who wish to consume Cannabis and other recreational drugs and those whose mission in life is to stop them. This warfare - commonly referred to as "The War On Drugs" has been going on since - at least - the 1920s. Here we seek to explore this psychotic behaviour.

***************

If you want to read the rest, you'll find it minding its own business right here:

http://www.fullmoon.nu/book/chap.php?id=c11

Harry Stottle

Revealing the Security Blind Mindset

the news in this story is not the snooping. We'd have been 'king amazed if that hadn't been going on. No, what really matters is what it reveals about the mindset of the children in charge.

"Kennedy revealed that less than one per cent of total HMRC staff per year have been caught improperly accessing information."

and

Kennedy told the Commons the numbers "reflect the strength of HMRC's internal disciplinary procedures".

these two passages reveal that they think they're actually doing rather well and that "only" one percent bad appleship is acceptable when you're holding the private and sensitive data of 40 million citizens. That alone should be enough to persuade doubters that they are not fit to govern and certainly not fit to be holding sensitive data.

Unfortunately their audience (the unwashed masses) are, if anything, slightly more ignorant than their political masters and they too will probably think along the lines of "less than one percent" being a perfectly acceptable security standard.

Those of us who care about these things (including most of you likely to be reading this) need to figure out how to present the "Idiot Guide to Stupid Security" so that we can make the wider public begin to understand the full dangers that governments represent when we let them loose in this area...

Harry Stottle

This is exactly the Scenario we can expect in the UK

This is EXACTLY the scenario we can expect in the UK if they can hold "suspects" for more than a few days without charging them. They're already up to 30 days and still trying to push for 42.

There are two procedures we can introduce to control this behaviour. First, it is foolish to deny that there are occasions when we will have to detain suspects indefinitely for a variety of reasons, some of which we can't even foresee. However, should that EVER be the case, we must not let politicians, police or judges be empowered to make decisions which restrict the liberty of the citizen without due process. Such powers should only be exercised by We The People in the form of a duly sworn Jury.

Second, when it emerges, as it did in this case, that no charges are to be laid, the suspect must be compensated for loss and injury and the State must be penalised. Where appropriate, decision makers should be prosecuted or at least fired and the State should pay a substantial fine (£1million plus) in the form of a charitable donation to one of the recognised organisations (Liberty, ACLU etc) who make it their business to defend victims in this situation.

What this would achieve is a strong disincentive for the State to practice licensed terrorism against its own citizens while still permitting unrestricted detention when a Jury has been properly convinced that it genuinely is necessary.

Harry Stottle

@Poole Slandered Parents

"What I think is needed is that by default, any time RIPA is used without court approval, the council or whatever has to notify the person that they were spied on."

and there you have one of the core concepts of Trusted Surveillance.

as Anon Coward said:

"Yet who knows why they were spying on people, we only have their word for it"

This is a problem we can solve if we get our act together...

http://www.fullmoon.nu/book/side_issues/IdentityCards.htm

Harry Stottle

Bloody Good Idea

I actually submitted the comment below to the Daily Mail on 10 April but they chose not to publish it. Can't imagine why, so I'll share it with you guys:

*******************

Bloody good idea!

I have no objection whatsoever to the forces of internal repression being tagged and tracked from cradle to grave. Well, OK, from the moment of their employment in a position of authority to the end of such employment.

As I've described here, http://www.fullmoon.nu/rtpforum/phpBB2/viewtopic.php?t=155

I also want the police to be routinely equipped with video cameras which record their every action and for their arrests to be illegal unless every important part of the process is captured to an immutable audit trail.

Then and only then can we begin to trust them like we naively used to do in the early fifties, when Dixon of Dock Green was the public image of the police and the bent cop was a nightmare to frighten small kids with.

Now, the kind of tagging that the Big Brother state wishes to impose is, of course, an extreme potential invasion of their privacy and anonymity and it is tempting to let the buggers suffer. It might make them a little less keen to impose that kind of nonsense on the rest of us.

On the other hand, that approach might backfire. Once they are duly tagged and tracked, they might start arguing that what is sauce for their gander should be perfectly acceptable for us geese, so I'm inclined to remind them that they can have the best of both worlds, if they want it. They can maintain full tracking and accountability while actually improving their privacy.

If they want to know how they can square that circle, send them along to have a look at http://www.fullmoon.nu/book/side_issues/IdentityCards.htm

Harry Stottle

er... tilt

"And are you saying that if we suspect someone is a suicide bomber, we invade his privacy without any prior suspicions..."

...the prior suspicion is surely that the target is a suicide bomber. Dork.

That aside, the issue is then whether the suspicion is reasonable in the circumstances and THAT is where we MUST put the chokehold on the Police State.

viz EVERY such assessment must be captured to an immutable audit trail and subject to monitoring and approval (even if, occasionally, after the event) by a JURY not a Judge and certainly not a politician or policeman.

That way we'll know whether or not their actions were reasonable in the circumstances.

Nothing less than this can protect us from State licensed abuse.

Harry Stottle

Heading in the right direction

with "minimum disclosure tokens", unlinkability and strong revocation, it could be mistaken for my own proposals (http://www.fullmoon.nu/book/side_issues/IDDown1.htm) but a key consideration is that while we obviously need the likes of Microsoft to adopt and promote the system, we cannot and must not trust any commercial OR government organisation to host the service. The relevant code and protocols must, of course, be Open Source. Nevertheless, there is plenty of scope for participants to make billions using the system, but the control MUST be in the hands of We The People - directly - through Juries and Public Trusts.

Harry Stottle

Was It Public Or Private?

The critical question here (in line with the first commenter above) is whether it was a public or private performance. I can concede the complaint if it was public, but if it was private, what business is it of any third party?

Or are we supposed to assume that anything which can be captured on video by nosy neighbours is automatically public from now on?

Harry Stottle
IT Angle

Anything less than retinal printing on trusted kit is Security Theatre

This story illustrates both the weakness of fingerprints as a method of access control and the naivete of politicians who think biometrics are the sole solution to access control. It's all very well finding a unique biometric but if it is relatively easy to steal and duplicate - as this example demonstrates - then it has NO value in any security situation that MATTERS.

Knowing, for example, what we now know about how easy it is to steal and use your fingerprint, would you be happy to grant access to your house or car based on fingerprint alone? Of course not. So why should we imagine that fingerprints are a remotely sensible way to protect access to aircraft or sensitive databases? (abuse of which could do far more damage to society than having your own house broken into or car stolen)

This is not to say that biometrics are not useful. But the only biometrics, so far, which cannot be trivially stolen and represented on cue are your DNA fingerprint (which still takes too long to be used for access control) and your retina print - which can be performed in a couple of seconds. And even then, we can only trust it if the test is performed in our presence with kit we control.

Conclusion, the only safe and practical biometric is the retina print and it is only guaranteed secure when used on trusted kit on trusted premises and supervised by trusted guards. Anything less is "Security Theatre"

On the question of risk of abuse by State and other bullies, I'm slightly attracted to Jerry's idea of defeating exclusive access by publishing our own biometrics. We could then legitimately claim, for example, that if our spoor is ever detected at the scene of a crime, it could have been planted there by a hostile party wishing to frame us. This could, at least, provide Juries with enough doubt to make the prosecutors' task much more difficult.

But we cannot glibly ignore the downside of that breach of our own privacy. It would, for example, make us much easier prey for stalkers, private detectives, government agents and other hostile attackers who may not wish to frame us but do wish to spy on us.

Harry Stottle

Thought Crime

One could raise all sorts of legalistic objections to these searches but they're all secondary. The real issue here is that a laptop (or home computer) is now becoming an adjunct to your brain; a place where you can - and many people increasingly do - keep your most private thoughts. Invasion of your private thoughts is about as totalitarian as we can get. Furthermore, penalising someone for material found in such a search is, by the same logic, a straightforward "thought crime".

If there are any woolly minded authoritarians out there who think there are any circumstances under which such a search could be considered reasonable, let me ask you to stretch your imagination forward a few years to the point (and very real prospect) where we no longer need laptops but instead have implants which serve the same purpose (and a lot more besides) and which we can address with pure thought. Would you also consider it reasonable for the various police states to open you up to get at your implant? Why not have done with it and simply insist that on entry to the country, we must all submit to having our minds read by the new generation of brain readers? Where, in other words, would you draw the line?

Harry Stottle
Dead Vulture

@ I Do Not Understand

You are quite right to imply the technical consensus - which is that we cannot protect large scale databases filled with sensitive data to which large numbers are permitted access.

However, as I explained here: http://stottle.blogspot.com/2007/11/datastrophe.html

"Only those with political or commercial interests claim that such protection is possible."

So the question is, where did the "collection of techies" who should have briefed her on that consensus actually come from?
