Jofm5

I very much agree, but just like we have to pay tax to the crooks we have to bow to the crooks demands.

Whats more worrying is if they tried to privatise such a scheme - who would get it group 4 ?

aftcargoheat

Excellent work, Jim Mc Auslan, keep it up - I think there should be a special newsletter sent to all BALPA members to heighten awareness of the campaign No2ID.

oapilot

Agree, although more likely to be outsourced to a foreign call centre.

There has been a strong argument for a while to rationalise security checks at airports to one standard, that is quick (unlike MANs tardis), easy and more secure than that which we already have. This would be a worthy aim.

Sadly Jofm5, the Goverment is not interested in this, and whatever their ulterior motive, based on its previous actions in all manner of things, being heard to say the right thing is more important than actually doing the right thing. Therefore proclaiming that issuing an id card will improve aviation security when in fact it will play no greater part in the security process than allowing people to be issued a CRB check is an expensive joke.

If the Government really wanted to take the aviation threat seriously, there are plenty of other things they could do.

The UK Government lost my trust and respect a long time ago and nothing they have done recently has given me cause to change my faith in them. They have £billions to throw at foreign wars of questionable legality, paying bankers bonuses and a whole host of white elephants, but they could never find the money to fund hospitals properly, or look after the old or do anything to improve society other than provide spectacular soundbites and spin could they?

I'm off to calm down before I get banished to jetblast.

oap

Dengue_Dude

Do you think there's a niche market . . . for larger Nav Bags so we can carry all the ID docs for all countries and all airports within them?

This is utter madness. We'll still be subject to ALL the nauseating checks designed to save us from ourselves AND we'll have a posh new ID Card.

What on earth are these people thinking of? One thing for certain - it's actually not for OUR benefit as citizens.

Well done BALPA, with a reputation for being a 'toothless tiger', I'm proud of you!

md80fanatic

I understand the technology well enough to make the statement.....in relation to people and RFID. The chips work great for products in the supply chain, but people aren't products, are they? I don't believe I said the RFID systems were worthless, just completely insecure.

Would you mail to me your bank and credit card information.....if it were protected by the most effective encryption scheme currently known? Strong as it is....would you still trust it in my hands? It's nice that technology advances, but possibility does not necessarily imply necessity. Who benefits? RFID manufacturers and the government, in the form of yet another layer of unwelcome control.

call100

Why are people not reading the thread?? People keep popping up making the same points that were shot down around page 1.
It's about the Database.
It's not like other European ID's
Even if you like this Government you won't know who could be in control of the database in say 10 years time...what if the BNP or worse actually get into power?
The Home Office have actually said that the NID is nothing to do with Security. So arguing that point is..well, pointless.
Biometric ID's have already been cloned and the Government is aware of this but brush it under the carpet.
The biggest threat to Security in this country is in fact the Government.....

liteswap

Quite so. And one issue that's forgotten in the comparison with other European states is that most have some form of written constitution or compact that spells out in more or less detail what the relationship between state and citizen is.

In the UK, there is none.

Nothing stops the UK government doing anything it wants - apart perhaps from the European Court of Human Rights, to whose charters the UK signed up, yet it remains among the worst offenders when it comes to the numbers of cases taken to and upheld by said COHR...so it's hardly surprising that people get pretty damned antsy about a central database policed via ID cards....

Jofm5

I quite agree the government seems misguided on this issue and that an ID card will in no way improve security. It does smell somewhat of a big brother tactic but sadly in the not distant future I can see such a card will be required (in general life).

Before we all jump the gun and say no, I will relate to you my experience over the last week. I was in a position where I had to move homes and rent in a different town - the agents for the property I am now renting wanted quite rightly to prove who I am. For this I needed proof of adress of where I was currently living, i.e. the two utiliy bills and bank statements and recognised photo ID. This actually proved quite hard, my BT Bill, Bank, Mobile (not that it counted) and Electric bills were all paperless billing (as encouraged by giving discounts)- emailed to me on a monthly basis. I printed out the last couple of months and these were accepted on face value, probably because I had my passport and driving licence which were both recognised forms of photo ID.

The paperless bills are easy to forge given a bit of time and effort and we have to remember that not everybody has a driving licence or passport. So in essence a national ID card scheme could/may be a requirement in the not too distance future as the current eco drive pushes more billing online.

Back to the subject of crew being used as guinea pigs for such a scheme, firstly its not just yourselves but anyone immigrating to the country also who will be required to have the ID. Secondly with the RFID nature of the card it should be possible for any company to purchase the equipment to verify the identity of the card holder - this in future should lead to a low cost option for all security access points to standardise on one identity cards thus reducing the amount of cards to be held - of course no doubt some will want some visible identity that can be checked at a cursory glance. However like the oyster card used on LRT can be verified on spot using a hand held device so should an ID card be able to as the technology is not dissimilar.

Yes a biometric card can be cloned quite easily. You dont have to be that close to a scanner for RFID cards to work, a case in example is the new VISA payWave technology whereby your credit card can be in the general area of the scanner. Like with payWave being validated by you entering your pin a biometric card is validated by checking the biometric details on the card - retina and fingerprint samples are much harder if not impossible to clone. As for just replacing the biometric details to that of the cloner is not so easy due to the nature of the checksum on the card (Please read up on MD5 and SHA256) which bind all the details together into a digital signature which the card number itself is derived from - changing a single character from lower to upercase in the name radically alters the signature so the verification fails as would replacing the biometric details.

Interesting question... do you use internet banking ?, do you shop online? these all use the same encryption algorithms present in the technology for ID cards so there is little difference. Yes these encryptions can be broken but the time to do this and the processing power required negate this as being too much effort - identity is much easier lifted from the social networking sites and gained using those details.

In summary we can argue to the hilt against the concept of ID cards, it is more the thought of knowng someone is storing something about you and can aggregate data against that ID that is the deterring influence. In reality it is done all the time already - we already have tracking cookies on the internet monitoing your usage and targetting advertising towards you (e.g. google ads) and we already have the likes of tesco buying purchase history from other shopping chains so they can profile you and target your mail shots.

As for the government and how they manage your data (or manage to lose it) in reality they are no different to any other organisation public or not - it is just that the government have a responsibility to make you aware when its lost.

Like I said above - an ID card is not particularly something I want to see, its probably something thats going to be required soon. I think any fight against it will only provide a short term win in the end. The nonsense about national security etc I agree with being the wrong way to justify such a thing however there are alot more reasons to have it at the moment than not.

757_Driver

JOFM I think youve missed my point.
we should fight against it - no matter how small the victory because it is the thin end of a huge wedge.
At which point would you stand up for your human rights?
did you argue against the detention without trial of 'suspected football hooligans' 10 years ago? Or suspected terrorists more recently?
What about the ban on encrypted emails? or the sweeping snooping powers given to local authority beaurocrats who can now use almost all means to spy on you without ever going near a judge or a court? What about number plate reading cameras and their databases of your movements? did you argue against those? what about the new powers that allow government agencies to take away your passport and driving licence and dock your wages - again without all the bothersome worry of going to court? Nope?
When are you going to stand up?
when the stazi kick your door down and drag your kids away?

You think I'm blowing this out of proportion? well look where this country is now with human rights and freedoms and then think back 10 years. You, nor I would ever have beleived that all these restrictions on our freedoms came to pass without a whimper from a cowed population awed by a shiny toothed smiling idiot and a fat scottish control freak. Where will be in 10 years time? well I can guarantee one thing, if we don't start to push back then we deserve everything we get.
Its time for us to re-establish the principle that the government are our servents, not us, their slaves.

fireflybob

Spy chief: We risk a police state

Well said, 757_driver

llondel

We don't need ID cards because:

1. If someone looks at the photo and decides it's you then that can be forged - my picture with your printed details.

2. If someone compares your biometrics with those on the card then that can be forged - my picture and biometrics with your printed details.

3. If someone validates the card against the database, that can be forged - my picture with your details and biometrics on the card.

4. If someone takes your biometrics and compares them to the database... why bother with the card at all? It serves no purpose.

All that will happen is that people will start to believe the hype that the cards are infallible when they're not. And that is more dangerous than not having them.

Jofm5

Yep as is the case with any photo ID.

No, The details on the RFID would differ from printed details and should be picked up. You cant change the details on the RFID without corrupting the checksum.


If as intended the biometrics are checked you it would fail - I dont look like you and my fingerprints/iris is different.

The card serves the purpose when biometrics are involved in validating who you claim to be.


The above points are aside from the issues - if what you said above was so simple it would not be adopted in the first place.

Dengue_Dude

Well that's OK then - right up to the point where some tosser loses it, leaves it on the train, loses his copy on a USB stick or decides to sell out.

What's wrong with what we've got already - God knows it's hard enough to get Airside passes - and Security don't take any notice of them anyway, we still get treated like criminals?

This subject does tend to raise the blood pressure somewhat doesn't it?

Jofm5

I dont think I have, it may come across that I am for the ID card but I am not - I just see it as being inevitable.

Last week I rented a new property, prior to moving in the agents wanted to do a background check on me, get references etc for which I had to provide ID. The usual documents were asked for - photo ID and two utility bills in my name showing my previous address. Now I have a driving licence and a passport, not everybody does so the photo ID was fine. Utility bills is where in modern life we are changing, each bill I get I no longer get on paper, I get emailed pdf's instead - these are incredibly easy to forge now. With more and more companies offering the financial incentive to get soft bills it is making ID detection alot harder. I can see in the not too distant future it being requirement to have biometric identity identification in one form or another as a means of fraud prevention which is becoming easier as more systems are automated. For this reason I see the biometric identity cards/driving licence/passport coming whether we like it or not. On the up side it will make things like on the spot verification of identity simpler and when you go for that loan on the never never you wont have to take wads of paper with you.


As can be observed, I have written alot on this subject on this thread - I studied the Social Implications of Computers as part of my Masters. I believe I could argue both sides equally well as there are both pro's and cons.

As for stand up and fight - I see this as chasing the horse out of the proverbial gate. For over 20 years now we have had ECHELON intercepting all communications, monitoring for keywords and looking for terrorist/fraudulent activity. ECHELON is the code name for a communications interception network that is run by the UK,US, CANADA, Australia and New Zealand amongst others.

In September 2007 it became EU law for all communications such as IP access to websites, telephone calls, mobile calls, credit card transactions to be stored for the last two years with ready access with at least the last six months worth being online and immediately available to the authorities. In my previous position I had to design and build such a system for a very large european communications provider and yes I did receive a number of calls from SO13 asking for details of specific events. Prior to 2007 the UK Law required 7 years of records to be kept but no requirement for being online.

So we can see that all the information is already there and accessible by the authorities. I cannot see how a biometric identity card is going to infringe any further on our privacy, I can currently only see the possible benefits to the holder of said card.

I personally am neither for nor against the idea, what I would stand up and be counted for would be a petition for a non politically associated agency that monitors,oversees and governs the use of the data that the government agencies already have access to. But that is a whole different kettle of fish.

Regards,

Jof

Jofm5

The point of the biometrics and the checksum on said card is so nobody else can use it. Of course that will only work if the biometrics are properly checked upon production.

I agree this does get people hot under the collar, but I think its more about being forced to accept another ID rather than having the choice to adopt it. What is more infuriating and fundamentlly wrong is the government proposal that we all pay for said ID Cards ( I bet some bright spark will offer to fund these cards in return for advertising on the back).

I do however think that if the idea was thought through properly it could be implemented so that you would only ever need a single ID card right from your library card to your airside pass - but I wont hold my breath.

Cheers

BelArgUSA

Shall I remind that in the early days of ICAO, the pilot licence was a document that was to be accepted in lieu of a passport/visa for pilots on international flights, and inherently as an identity document. A few ICAO member states observed that agreement. Of course, the USSR and other nations did not agree... and obviously, USA required all foreign pilots to carry a crew visa when landing there.
xxx
So forget about the good original idea ICAO had recommended. Makes me laugh, i.e. Brazil does not require a visa for most foreign crewmembers, except for crewmembers from the USA. Why... just deserved equal treatment since Brazilian pilots must have a crew visa for USA.
xxx
Makes me laugh also at UK people upset at the projected requirement for UK national ID. Certainly more convenient to carry than a UK passport. If I am a law enforcement officer in UK, and stop a person, how do I ascertain that you are the person you claim to be...?
xxx
So far, in USA, they still do not have a national ID, despite the acute problem of people living there illegally. However, probably 80-90% of people in USA have a driver's licence, which is the "ID" in USA. In banks, at airports, they often ask your "driver's licence" rather than saying "ID"... And every USA states issue optional "identification cards" for those people who would happen not to have a driver's licence. And you must prove to be a legal USA resident to be issued such an ID.
xxx
Every country I have been, born in Belgium, I had an ID Card there (proof of my name and address), in the USA I had, like almost everyone, my Driver's License to prove who I was, and now in Argentina, I have a DNI "Documento Nacional de Identidad" which happens to be recognized by Brazil where I am frequently. For me, a small ID card is a nice convenience, rather than having to carry a bulky passport.
xxx
I fail to understand the reluctance of Brits about having an ID card. Fact is, I did like the USA system, of using a driver's licence as ID, or an optional "ID" which clearly indicated "this is NOT a driver's license". Maybe UK should use the same concept, make the UK driver's licence a valid ID card document, and to those who do not drive, issue an ID card...
xxx
Increase or no increase of security...? Leave that to your police to decide.

Happy contrails

Stoic

[quote]Belarg: Great. You are clearly in favour of a police state!

The attempt to introduce this coercive technololgy will bring the UK government down as the poll tax got rid of Margaret Thatcher.

Kind regards

Stoic

llondel

BelArgUSA:
As has been stated here many times, the real issue is the big database sitting behind the cards. Every time you use the card where your ID is positively verified, it will be recorded on the database. This provides an amazing audit trail of everyone who has a card and uses it. Most of us don't trust the government to use that data responsibly or keep it safe (not a good track record on either). If I want photo ID then I have a passport, or I could apply for one of those new-fangled photo driving licences (mine's still a paper one). If nothing else, people object to the obscene cost of it all, given that we have adequate means of ID already.

That's your problem. If I'm doing something worthy of your attention then a trip down the local nick ought to sort things out, if not, hopefully you'll go bother someone else. We've been promised (hah!) that it will not be compulsory to carry the ID card even when they're issued, so their existence won't help the police one little bit in this scenario.

llondel

Jofm5:
The point is that you'd have a completely self-consistent card for the person carrying it, but with a different name. If you think that the encryption/checksum can't be broken or compromised then I think history will prove you wrong (if the cards ever get adopted).

Jofm5

LLondel

Consider the following examples

SHA256 gives the following for the word test

9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f0 0a08

and gives the following for the word Test

532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f34 5e25

Just simply changing one character from lower to upper case vastly changes the result of the signature produced.

Within computer forensics creating a signature such as the above is an unobtrusive way of protecting a digital crime scene, when the evidence is presented the signature is checked to prove that no alterations have been made to the evidence - this is acceptable in most if not all western court rooms.

With sha256 there are 256^65 combinations that can be produced, whilst not limitless the chance of a signature conflict is so remote to be considered negligable.

To negate this possibility of a signature clash it is common to perform the signature again using a different algorithm such as MD5. This will result in two different signatures for a single item of data with more permutations than my maths can cope with. The chances of finding a signature clash on both algorithms that can be a result of trying to create anything meaningful are so infintesimal that it is not worth worrying about.

Encryption and Signatures are different - with a signature/checksum you can validate whether the data is has been tampered with. You cannot reverse engineer a checksum to produce the original data like you can with encryption.