U.N. rapporteur raps Britains’s law on fingerprinting foreigners
BC-UH-Britain-Racism
By Sara Sasaki

LONDON. July 18 – A special U.N. rapporteur on racism on Thursday criticized Britain’s new immigration legislation on fingerprinting and photographing all foreign visitors as a process 0f treating foreigners like criminals.

Ooudou Diene. on his last day of a six-day visit to Britain to conduct a follow-up of his report on racism, said at a press conference in London the immigration bill that just passed through Parliament on Wednesday “illustrates something I have been denouncing in my reports for four years.”

“It is the fact that, especially since Sept. 11. there has been a process of criminalization of foreigners” all over the world, he added.

The enacted legislation will allow immigration officials to take biometric data from foreigners age 16 and above as pari of measures to light terrorism, enabling them to check for past deportees and anyone designated as a terrorist by the justice minister.

But Diene warned that the fight against terrorism is being used against foreigners worldwide and governments are criminalizing them when they are actually supposed to protect them.

The measures of the new legislation exclude ethnic Irish and other permanent residents with special status, those under 16, those visiting Britain for diplomatic or official purposes, and those invited by the state.

But foreigners living in Britain without special permanent residence status such as those on a work visa will also be fingerprinted and photographed at immigration upon arrival.

Alter his visit t to Britain last July, Diene said racial discrimination in Britain is “deep and profound,” and expressed concerns over the treatment of Scottish indigenous people, Muslim and Hindu minorities living in Britain and new immigrants originating from Asia, the Middle East Africa.

[…]

http://www.debito.org/kyodo051806.jpg
http://www.debito.org/rapporteur.html

BRITISH visitors to America will be required to register their travel plans online 48 hours before departure, according to a bill expected to be passed by the US Congress this week.

This will cause even more people to choose other places to vacation, study, etc etc. Already people are turning their backs on the USA, and this will make it even worse.

Online registration will give US authorities the chance to reject travellers before they leave their home country. Michael Chertoff, the homeland security secretary, said: “It will avoid the problem where somebody shows up at the airport in the US, winds up getting rejected and has to fly back.”

How many times does this happen, out of the millions and millions of people who persist in visiting that country? What are the facts?

The form will ask for passport number, flight number, purpose of journey and place of stay. It will be similar to the one passengers currently fill in mid-flight and, said Chertoff, would “probably be good for a year or so”.

Probably… ‘Or so’… Nice!

It could cause problems for visitors travelling at short notice although there will be some provision for last-minute bookings. The new 48-hour rule is expected to be implemented next year.

It WILL cause problems for visitors and what it will do is put the USA down on the list of places that immediately come to mind when you want to go somewhere just for fun. From now on, only people with a compelling reason will go to that place.

Chertoff denied the system was draconian in comparison with some European security laws. “In various parts of the continent if you don’t carry an identification card you’d be put in jail whereas in this country that would not be tolerated,” he said.

This line is the one that caused me to post this wretched garbage.

Everyone knows that the usa is trying to bring in a de-facto ID card, and that the states are, one by one, enacting legislation to forbid REALID. Everyone knows that you cannot get on an internal flight in the usa without ID. Everyone knows that the police can demand ID from you and if you do not comply, you get not only put in gaol, but tazered Check out the video of this very thing happening and read some posts on Papers Please! to find out what the truth about this really is.

Pocket Satan living dead faced Chertoff, consummate lair, fear-monger and un-American bastard has no business admonishing Europeans for their (admittedly very bad) ID policies when in his own country what they are doing and what he is personally responsible for is far far worse.

Travellers to America are already subject to photograph and fingerprint checks, causing long queues on arrival.

and ‘Sarah Baxter’, who wrote this garbage, forgot to say that this is the cause of the sharp and sustained decline in the visitor numbers to the usa.

The measure would apply to Britain and 26 other countries, mostly from the European Union, whose citizens are allowed to travel visa-free to America for up to 90 days.

And it is the money from tourists and businessmen from these 26 countries that is being blocked by this insanity.

The bill is part of a series of tighter border controls being introduced.

[…]

Times

No, it is part of the insanity that has gripped the usa. Get it right you idiot!

The visa applications of more than 100,000 people applying to enter the UK were left unprotected and open to manipulation, according to an official report into one of the biggest privacy breaches in recent history.

There are so many things we could do with this article, the first one being substitution for ContactPoint. But I think you get the message.

There are fears that some of the applications may have been doctored to allow terrorists and criminals to enter the UK. GCHQ, the government intelligence agency charged with tracing the applications, is finding it difficult to investigate the claims because of poor quality records.

This is bullshit. There are already enough ‘terrorists’ in the UK by their own reckoning they do not have to enter here by stealth to cause havoc. This logic is completely flawed. It could also have been used to get people in here who simply want to go to the pub.

Last night, politicians described the security failure as ‘shocking’ and said it fatally undermined the government’s claims that electronic ID systems could protect the UK from the heightened terrorist threat.

And yet these are the same people who voted for ID cards, and ContactPoint. THAT is what is shocking.

The findings of the three-month independent investigation into serious breaches of the the visa application process – focusing on system abuses in India, Nigeria and Russia – were slipped out on the last day of Parliament in an apparent attempt to bury bad news.

They always do this.

Its conclusions raise disturbing questions about Britain’s ability to police its borders.

NO IT DOESNT YOU BLOODY MORON.

What it DOES raise questions about, questions that you do not have the intelligence to pose, is how are they going to police ContactPoint and the proposed NIR if they cannot protect the integrity of a mere 100,000 Visa applications.

Once again, it is astonishing that they are not using cryptography to solve these problems. It is astonishing that the Visa system is so badly designed. It is astonishing that they are using contractors to do this job when it should be done ‘in house’ by civil servants.

The report focuses on a private company, VFS, contracted by the Home Office and the Foreign and Commonwealth Office to process the online visa applications of Indians wanting to visit Britain. It later won similar contracts in Russia and Nigera.

This is too important, hysteria over immigration and false fear over ‘terrorism’ or not, to be in the hands of a private contractor.

But in 2005 it became apparent that the system was chronically flawed. An applicant informed VFS and UK Visas, the government agency in charge of visa processing, that he was able to obtain confidential information – including passport numbers, criminal convictions, ethnic origin and travel details – about other users of the service. He also showed how he could amend other people’s visa applications online. But despite the warning, the system wasn’t shut down until May 2007.

This is very interesting.

When they say ‘an applicant’ they mean a Nigerian or an Indian or a Russian volunteered this information. I guess all the people trying to get Visas for the UK are not all bad after all!

What this bad article also does not say is that ContactPoint is going to be delivered online also, and that this means that people are going to get in there from anywhere also, and the records of children are going to be accessed.

These Guardian articles routinely fail to connect the dots and make the connections. They really do fail it over and over again.

The official report into the security lapse concludes that the government’s National Infrastructure Security Coordination Centre – the former body charged with evaluating the security of IT projects – would have not approved the scheme if it had been asked.

This is irrelevant. The system of issuing Visas can be made infallible and secure and much more simple than it is now. If you have ever seen the absurd spectacle of Immigration officers with loupes inspecting Visas for forgeries at Heathrow you know what I am talking about.

This is how you might do it.

Firstly, Visas must be issued correctly. They must be issued with all the checks that they have been using historically to good effect.

Then, when the Visa is issued the visa number and an image of the Visa and its ‘owner’ are hashed together with GPG an this package is put on an immigration server that is accessible over the internets. When the person who has the visa arrives at Heathrow, all the operator has to do is check that the visa on the system is the one stuck in the passport. He checks to see if the entry has been tampered by checking the signature on the file. If someone got in there and swapped information or altered it, the signature will fail. This means that even if someone gets into the system, they cannot change entries because changing them breaks them; they become tamper proof.

After this, you will never again see people inspecting Visas for forgeries because they will be impossible to make. The only forged Visas in the system will be the ones put there by the ‘security services’…but that is another story.

This is a similar process to the Meau² named ISLAND decentralized passport authentication system. It is inexpensive, fool proof (even when it is being operated by fools) and can be done right now.

The report notes that FCO IT security advisers were not asked their opinion about the project and that no third party tests were carried out on the system. The Conservative shadow Foreign Office Minister, David Lidington, said he feared the system may have been exploited by terrorists and criminals.

[…]

Guardian

David Liddington is clearly a moron.

A lurker writes via email:

>for your post tipping points!

Whether due to stringent security measures long lines or general distaste for our elected officials, British tourists are staying away from American soil just as that moment they should be most ready to pounce on it.

The number of Britons travelling to the US has fallen a quarter since 2000 just as the pound is proclaiming its dominance of the dollar. In fact, with current exchange rates (£1 to $2.06), America is a virtual half-price sale. “Everything must go!” reads the sign under the Statue of Liberty.

A recent article notes that Orlando, Florida, home of Disney World, is really feeling the tourist squeeze. But I don’t blame Britons from staying away from that somewhat creepy and entirely plasticine city. Even if the exchange rate were one to 20, it would never be worth the money.

[…]

Guardian

And look at the superb comments for further insights:

Or, go to somewhere in Europe. A lunch in a bistro/brasserie in France could be a goats cheese salad, followed by blanquette de Veau(veal in sauce) or mussels and frites or braised ham in cider sauce, followed by cheese and then a pudding. About 10-12 euros, often including 25cl of wine. Including tax and service, bread and water on the table. Cheaper than your US heart attack on a plate, apart from being imaginative, delicious, fresh, wholesome and balanced.

Plus you are unlikely to be surrounded by squeaky voiced American women (why are their voices always so high pitched), and no heavy security and visa issues to get there.
Posted by ManchePaul on July 24, 2007 5:30 PM.

…

If you put any money into the US economy, their government will just waste a fair proportion of it on bombs and bullets, in the name of US imperialism.

So, as soon as the neo-cons are gone, I will buy some US products. But until then, they can go to hell.

Sometimes, you just have to be cruel, to be kind!
Posted by ThomasCopyrightMMVII on July 24, 2007 5:52 PM.

…

agree that the USA can be beautiful in places, but why do i always get the feeling they’d rather i didn’t come?
who needs the grim-faced interrogation, finger and eyeball scan at immigration after a long flight? and leaving is no better – i’m sick at being barked at at maximum volume when going through security to my flight gate like i’m some kind of idiot.

Posted by gonetofrance on July 24, 2007 6:34 PM.

…

American is a beautiful country with some lovely people. However, visitors are made to feel very much less than welcome at immigration. Treated like common criminals: fingerprinted, photographed and regarded as lesser mortals by uncommonly unpleasant immigration officials. Little wonder that some people choose not to undergo this humiliating treatment too often. Why is it that most other countries can make you feel so welcome on entry but not our closest ally?
Posted by greysky on July 24, 2007 7:03 PM.

…

I would go to America for a holiday or a visit but I find the security paranoia of the current American government a big put off. I do not want the hassle of such a security system, every day something new as regards security – America used to stand for freedom and friendliness but not anymore. Maybe the next President can take the militarism out of the culture. In the meantime, I will spend my money in a friendlier climate – in the mean time good luck.
Posted by Quiller on July 24, 2007 7:40 PM.

…

After I got my UK pilots licence the USA especially Orlando was very high on my list of places to go. Until I started to hear the stories comming back of other people who “used” to go to the USA for flying holidays. A few enquiries and a look at the long line of visa applicants waiting for permission to do what ever in the USA (visa waiver does not apply if you want to fly or study in USA) turned me off. Then the rest of the stories of hard nasty bully boys in immigration told by friends I know and trust. Add to this the stories of what the immigration department does to people who wish to hire aircraft and an experiance with US immigration on a transit through to New Zealand (where I could hire a aeroplane) and the exchange rate can go to 2 million to 1 and you won’t find me any where near the place.
Posted by nussle on July 24, 2007 7:41 PM.

…

Who wants to go to a country where your personal data is taken at the border and may be misused or mistakenly used in the most catastrophic way? There are lots other places in the world to visit and many that are much more interesting and cultural.
Posted by DanJ0 on July 24, 2007 8:25 PM.

…

I agree with all comments made regarding airport security and being treated like a common criminal. I used to travel to New York frequently but, after the last time, I refuse.

What I would like to see is Americans being finger printed, scanned and barked at UK airports. For too long the USA has been able to make arbitraty decisions, mistreat people of other races and nationality. Perhaps if we were to mirror their policies to their nationals, ordinary Americans would get an idea of how utterly disliked they and their country has become.
Posted by Taus on July 25, 2007 9:36 AM.

…

The only way you’d get me there would be by extraordinary rendition.
Posted by tarquinbullocks on July 24, 2007 8:39 PM.

The sweet smelling steam from the pouring of righteous nectar-bile on the raging fire of US fascism. Did I just type that? Hmmmmmmm…anyway…

Can you say, ‘Tipping Point’?
Can you say, ‘Post Tipping Point’?
Use the google to see what BLOGDIAL said about this in 2003-ish.

It took the Soviet Union 70 years to collapse; hopefully the Neocon Putsch will soon come to an end, and that once great country come back to its senses.

In the mean time, no decent person goes to america. No person with any sense of dignity or self worth puts themselves through the humiliating, degrading and utterly pointless USVISIT.

The momentum of refusniks unwilling to sacrifice themselves to the beasts who run that country is growing, and as people come back from holidays in civilized countries, where the welcome is warm and proper, with stories of good and hassle free times, the pressure on the us to ‘KNOACK ITOAWF’ will be irresistible – they need and lust after the tourist money more than anything.

He knew about it from the beginning:

I am not sure if this is still the case, but certainly a year or two ago among the plans for the new Terminal 5 at Heathrow was an elaborate and supremely high-tech tracking system for passengers.

The architect from the Richard Rogers partnership told me about it with a gleam in his eye. It was difficult not to feel caught up in his enthusiasm. It worked like this: the terminal, a highly evolved amalgam of building, computer and machine, would know about you before you arrived.

When you had bought your ticket, an image taken from your passport would already have entered its systems. As you arrived, flustered and anxious in the way only airports can make you, Terminal 5 would look at you through its myriad cameras, compare your face with the large number of faces on its database, measure and recognise you – the word “biometric” was not yet common currency at the time – and then, even through the fluster, know you for who you were.

[…]

The Telegraph – from 2003

What follows is a good article of the type we have all read many times.

What this article, sent to me by email, proves, is that Richard Rogers knew from the beginning that dehumanizing fingerprinting and photographing tools were to be used to corral passengers at Terminal 5. That firm was not only complicit in this shameful place, but enthusiastic about it.

Instead of using the design of the building to segregate passengers and do the work of keeping immigration rules in place, they deliberately broke the design of the building to facilitate an experiment in managing crowds through Orwellian identity documents.

Berthold Konrad Hermann Albert Speer immediately comes to mind; an architect whose work served to promote and enshrine the bad guys of his time. Now Richard Rogers can be classed with him; this Terminal was designed to promote boost and brainwash the people who pass through it into accepting the police state system of ID cards, universal surveillance and everything decent people loathe.

This building might not be destroyed as some of Germany’s buildings were after the war. They might however have their design flaws fixed by refurbishing so that the building does what it is meant to do, as all other airports have done very successfully, without violating the very people they are meant to serve.

This article says:

Five’s beautiful alertness and responsiveness will transform the experience of an airport, or so the liberal, civilised, imaginative architect maintained, from a horrible, authoritarian, mass experience into something subtler, gentler, more individual and more pleasant.

This is, of course, doubletalk.

What it actually means is this:

“The vile ever-present eye of complete surveillance will transform the experience of an airport, as designed by the illiberal, uncivilized and unimaginative architects Richard Rogers. What they are planning is horrible, authoritarian mass humiliation and subjugation that obvious and brutal in its reduction of the individual into mere numbered cattle. Very unpleasant.”

When people like Richard Rogers, who really should know better, actively design to encourage and foster authoritarian systems it makes it hard to explain to the ‘the busy people’ why these systems are so wrong. They cannot separate the private from the public, the voluntary from the compulsory; they see only the surface, and as it looks the same, they accept both as being equal when they are not.

What is so wrong about this is that there is a better way to control passenger flow, and this layer of Security Theatre is superfluous and unnecessary; it is inefficient, onerous, pointless and frankly, evil.

There is nothing worse than an arrogant architect. I do not like to use the word ‘arrogant’, and very rarely employ it, but in this case it is completely appropriate.

This man is deliberately using human beings as part of an experiment, and he has put himself and his ideas above the rights and dignity of of the people who his buildings should be protecting and serving.

It is very rare that a building is designed to violate and humiliate the people who use it, and that this is being done in a context where millions will be systematically violated puts Richard Rogers up there with some of history’s worst ‘professionals who misused their art’.

Thanks to Dare to know:

The ContactPoint regulations slipped through the House of Lords on Wednesday 18th, despite resistance from a number of sources, including ARCH. Hansard has the full story.

Look at some of the evidence supplied to the House of Lords. Firstly, from Carpgemini the contractor:

* Up to 330,000 registered users.
* Database will contain records of all 11 million children in England.
* Approximately 200,000 enquiries per day, peaking at about 50 transactions per second.
* Average response times of 1 second for a keyed enquiry.
* 99.9% availability for 24 hours a day, 7 days per week.

That is a lot of accesses. It means that one million accesses per week will be made, and that the entire ContactPoint database will be copied in not less than 11 weeks.

and the nspcc chimes in with something completely illogical:

2. Paragraph 4(1)(a) refers to a child “who at that time is ordinarily resident in England.” We are concerned about how local authorities will interpret “ordinarily resident’ as it could result in particularly vulnerable children being excluded from Contact Point. We have previously raised this matter with the DfES, as neither the draft regulations nor the draft guidance gives a clear interpretation of this. The potential consequence of this is that vulnerable groups of children could be left outside the remit of Contact Point. For example, adults may present children as only being temporarily in the country, as in the case of Victoria Climbié. These children may in fact be trafficked, privately fostered or sent to this country to work and are arguably some of the most vulnerable – because they are often invisible – children in the country.

3. We would suggest that the DfES review this regulation as a matter of urgency. We would propose that the definition used in the Children Act 1989 under section 47(1) (a) “Where a local authority are informed that a child who lives, or is found, in their area” is a better guide for local authorities. In our view it would be better inappropriately to include a child on Contact Point and remove them at a later date than not to include them at all.

Retention of information – Regulation 7

4. We have previously raised concerns in relation to Regulation 7. If it is intended to archive information until the age of 24 years then this should be with the consent of the person concerned when they attain the age of 18 years. Although the information is archived, this measure arguably extends the database well into adulthood. It raises serious concerns about the privacy and confidentiality of information about a person’s childhood. This is possibly one issue which children and young people and parents have not sufficiently been consulted about.

My emphasis.

So, they want people innapropriately put into this monstrosity? Obviously they have no idea about databases and that in order for them to be really useful, they have to be accurate.

They say that, “It raises serious concerns about the privacy and confidentiality of information about a person’s childhood”. Why should this be of concern to someone only when they are 24? What about the concern of the parents?

Not very clear thinkers these people.

But there was someone with their brain switched to ‘on’:

Memorandum by the Young NCB (Young National Children’s Bureau)

1.  Young NCB, the young people’s membership network run by NCB, have submitted a set of comments on ContactPoint which the organisation has gathered from young people previously involved in DfES’ consultation processes on the scheme. Those concerned are all aged under 18.

Do you think that ContactPoint will adequately achieve its aim of “supporting more effective prevention and early intervention, to ensure that children get the additional services they need as early as possible”? If so, can you say what you think the benefits of ContactPoint are? If not, can you explain any reservations that you may have?

2.  I think it is possible in some cases ContactPoint will lead to earlier intervention, but I think the benefits are completely outweighed by the risks. The irony is that the people this system aims to help, those in danger of abuse, may not even be on the system if they don’t have a school or a doctor in which case they will still slip under the net.

3.  I think that ContactPoint will only achieve its aim if thorough and extensive training is given to all professionals using the system. If everyone concerned does not use and understand the system, it will fail. I think that to a certain extent ContactPoint will help, since it should encourage information-sharing and more contact between professionals.

Do you think that the interests of children, young people and families have been adequately taken into account in the proposals for ContactPoint? Can you give reasons for your answer?

4.  No, hardly anyone knows about ContactPoint, probably because the government are aware of what would happen if people did find out, i.e. a huge backlash and public outcry. They’ve spoken to about 15 people and when I worked with them I found them patronizing and unhelpful, they’ve clearly made up their mind regardless of what we think.

5.  The fact that children may refuse to allow their details to be on the index, but that this may be overridden suggests that this notion of a child’s ‘consent’ is practically meaningless. What is even more worrying is that young people will ‘not necessarily’ be told if their wish has been overridden.

6.  I am also not convinced about the security measures in place to stop the system being abused. Computer systems are never, ever completely safe; the threat of hacking is always there. Plus there is always the danger that a professional might use the system to gain personal details about a child or children. It would only need one or two instances of child abuse resulting from exploitation of the system being splashed all over the media for the public’s confidence (and most importantly young people’s and families’ confidence) in ContactPoint to be destroyed. It is worth thinking about whether this risk is greater than the potential benefit gained from the system. I think that extremely harsh penalties for abusing ContactPoint would need to be in place to help stop this happening, but even that could not be wholly successful.

7.  I am also worried that young people’s personal liberty will be hugely undermined by this system. Dozens of people in their local area – perhaps more – will be able to access personal details and, possibly, very sensitive information about them.

8.  I also do not think that a wide-ranging enough consultation has been carried out for ContactPoint. The huge majority of children and young people have absolutely no idea about the proposal, and so when ContactPoint arrives they will have no time to voice their concerns.

If you have other comments to offer, feel free to do so.

9.  The flaw in this system is not the system itself rather human nature, in that with access to this system people can make all sorts of harmful assumptions, particularly when people are ‘flagged’ or seen to be using sensitive services. The other big worry is that knowing people will potentially have access to this information will stop people using sensitive services, and considering we have the highest teenage pregnancy rate in Europe and binge drinking is on the rise that’s not a risk we can afford to run. The system is too big to be safe, too many people have access to private information and children’s right to privacy is being completely disregarded, a very dangerous situation to be in.

Ah yes, intelligence!

Another group that bought a clue:

Security of data:

27. ContactPoint is a national database partitioned into local authority areas. Although the regulations will specify the categories of practitioner to be granted access, the final decision as to who may do so will be left to local authorities. The government expects that around 330,000 people will have access to ContactPoint.

28. It is impossible to create a system on this scale that is both functional and secure. The government tacitly acknowledges this by advancing an intention that the records of celebrity children and those who are, for example, escaping domestic violence will not appear on ContactPoint. Nonetheless, the government insists that the system will be secure and points to the fact that everyone with access will undergo CRB checks; access will be by two-factor authentication and an audit system will detect improper access.

29. Criminal record checks have limited value. Within the education and social care sectors, increasing numbers of staff are from overseas and it is not possible to check their histories beyond, at most, obtaining information as to whether they have criminal convictions. Schools are advised that:

‘If attempts have been made to make checks (through obtaining a Certificate of Good Conduct or similar) but it has not been possible then the school is not required to take further action.’ [31]

At best, CRB checks detect known criminals but it is well known that paedophiles have usually committed many offences before being caught, if they are caught at all.

30. The Criminal Records Bureau warns:

The CRB cannot currently access overseas criminal records or other relevant information as part of its Disclosure service. If you are to recruit people from overseas and wish to check their overseas criminal record, a CRB Check may not provide a complete picture of their criminal record that may or may not exist.[32]

31. Two-factor authentication does not protect the system from all outside attack, particularly as ContactPoint will be accessed via Internet protocols, nor does it prevent careless disclosure or the unauthorised sharing of login information. Last year The Leeds Teaching Hospitals NHS Trust reported a ‘wholesale sharing and passing on of system log-in identifications and passwords’, recording 70,000 cases of inappropriate access to systems, including medical records, in one month.[33]

32. An audit system does not prevent all improper access. The Police National Computer, for example, has a substantial audit resource and yet the Independent Police Complaints Commission comments:

‘Every year sees complaints alleging the unauthorised disclosure of information from the Police National Computer. Forces have reviewed their methods of preventing unlawful entry but there will always be a few officers willing to risk their careers by obtaining data improperly.'[34]

33. Given the scale of what is proposed, it is vital that ContactPoint does not go ahead until Parliament has ensured that all of the security issues are resolved. Indeed, consideration of the regulations will be Parliament’s last opportunity to ensure that ContactPoint does not in fact endanger children and their families.

34. ContactPoint is not essential. The traditional method of finding out who else knows a child is to ask the child or parents. If professionals are competent and ensure that families have their contact details, this system works well (unless there are genuine child protection concerns). It also leaves control of personal information with parents and children in accordance with their Article 8 rights to respect for their private and family life and freedom from unnecessary state interference.

And finally, the a last gasp of common sense from The Lords:

The Government intend to use the system to improve the care of and provision for children. Their intentions are of the best kind and are shared in principle by all noble Lords. Yet it is the very system that they seek to rely on that risks stigmatising children and discouraging them from seeking help where necessary.

The Minister said that the regulations had the backing of many children’s welfare organisations. However, the majority of young people and parents consulted by the DCFS oppose the measures, and the major children’s charities—the NCB, the NSPCC, Action on Rights for Children and a coalition led by BAAF—have voiced serious objections. Noble Lords will have received the excellent briefing from the Independent Schools Council.The ContactPoint system, we are told, is intended to prevent another Victoria Climbié situation. However, that is not quite accurate. The agenda for the collection of children’s data began with the programme originally called “identification, referral and tracing”, which predates the Laming inquiry and does not mention child protection in its original criteria. Moreover, the child protection specialist Chris Mills has already ascertained that the system would not have applied to Victoria Climbié, given her temporary residency in this country.

We all wish to see an end to the horrors that befell Victoria Climbié and others. Inasmuch as the system will create a culture of over-reliance on what will always be a flawed database, it would divert attention from the children who most need protection from those who profess to care for them. It appears that the children of the rich and famous may be exempted if there is a risk of kidnap. While I fully understand why that should be the case, it strikes me as the most damning admission of the inability of the system to protect the details of children, not to mention the injustice of treating one set of children differently from the rest.

Indeed. My emphasis…. and yet, it passed.

[…]

http://www.publications.parliament.uk

Reading through all of the submissions makes ContactPoint seem like even more of a nightmare, if that is possible. Because people are so very stupid.

The response from Barnardo’s is astonishing in its complete lack of any real understanding about this system and what it will really do and the real issues swarming around it:

8. The trailblazer authorities and DfES have consulted with children and families, particular on matters such as confidentiality and security. Barnardo’s experience within the trailblazer project was that young people want to be able to access services when they need them and they make a connection between this and information sharing; we found this particularly in cases of young people with disability, where they did not want to tell their story over and over again.

9. ContactPoint will contain no case data, simply demographics to help practitioners verify that they are working with the same person. It will be up to practitioners (as is the case now) to decide what they can share, with whom and how much. Again, work in the trailblazers (Sheffield in particular) illustrated that young people are happy for their information to be shared where they and their needs are respected and where information is shared appropriately for purposes which they understand.

So they don’t want to tell their story again and again, yet the DB will not hold these stories. Amazing.

What also shocks me is the fact that children were consulted about something that is beyond their capacity to fully understand and that will have consequences not only for them both as children and into their adulthood, but for their parents and the next generation of children. Every aspect about consulting children over ContactPoint is wrong; the only people who should have been consulted are parents, since ContactPoint will hold the data of people who are not legally responsible for themselves.

Perhaps ‘consulted’ is not what they really mean; its more likely that they ran some focus groups to see what the reactions were.

I am amazed that organizations dedicated to protecting children are FOR contact point; they must be amongst the most delusional people out there, and their total disregard for human rights is breathtaking. These people act like children are created in hatcheries and are a form of state property, without parents, families or any rights.

What a terrible business!

Capgemini (Euronext: CAP) is a major French company, one of the world’s largest information technology, consulting, outsourcing and professional services companies with a staff of 75,000 operating in 30 countries. It is headquartered in Paris (Rue de Tilsitt) and was founded in 1967 by Serge Kampf, the current chairman. CEO Paul Hermelin has led the company since his appointment in December 2001.

Capgemini’s regional operations include North America, Northern Europe & Asia Pacific and Central & Southern Europe. Services are delivered through four disciplines for Consulting, Technology, Outsourcing and Local Professional Services. The latter is delivered through Sogeti, a wholly owned subsidiary.

Wikipedia

So that is who got the contract to build ContactPoint.

The children of Britain sold to a French company that operates n 30 countries.

The database set to contain information and carers’ contact details for every child in England will cost £41 million (US$84 million) a year to run on top of its £224 million implementation costs, the government has admitted.

Capgemini was awarded the £40 million, seven-year contract to set up and manage the ContactPoint database and online directory earlier this week.

But children’s minister Kevin Brennan has revealed that the ongoing costs of the database — accessible to more than 330,000 education, health, social care and youth justice professionals — will dwarf the contract price.

ContactPoint will contain basic identifying information about all children in England from birth until age 18, along with contact details for their parents or carers and for professionals providing support services to them.

Brennan confirmed that the total costs of implementing the system are estimated at £224 million, with £28.4 million already spent on the project in 2006-07 and a further £11.2 million in the first three months of 2007-08.

The implementation costs include the price of adapting the government IT systems that will supply the data and the adapting of systems used by professionals working with children so they can access ContactPoint, Brennan said in a parliamentary written answer. It also includes the cost of ensuring security and data accuracy, along with staff training.

“Running costs thereafter are estimated to be £41 million per year. Most of this will go directly to local authorities to fund staff to ensure the ongoing security, accuracy and audit of ContactPoint,” Brennan said in response to questions from shadow children’s minister Tim Loughton.

By the end of next year, ContactPoint is expected to be available to all English local authorities, child protection agencies and a group of children’s charities.

An initial deployment will roll out the database to 17 early adopter authorities and Barnardo’s in April. “Progress towards readiness to receive access to ContactPoint is on track” among local authorities, Brennan said.

[…]

http://www.pcworld.com/article/id,134926-c,kidsteens/article.html

So, ContactPoint will cost:

224,000,000 / 11,900,000 = £18.82 per child

and then

41,000,000 / 11,900,000 = £3.46 per child per year

What a bargain!

Of course, this is not what these numbers really mean. What they really say is this is the price that HMG puts on the heads of every child in this country when they come to sell them to the highest (or lowest) bidder to be fleeced en masse.

That this database will violate children is beyond dispute. What is astonishing is that ContactPoint will contain data that is worth far more than £18.82 per head.

Data brokers would pay ten times that amount for the database, because they would be able to sell it again and again and again; and lets remember, this is going to be the closest thing to a complete database of all children and their parents, it will be without precedent, unparalleled.

At least, not for long.

You can find out about how data brokers work by trying to get hold of or buy a list of all the schools in the UK. The dfes has a list, but they are not allowed to sell it to you or give you access to it because doing so would compete with the data brokers that rent these lists commercially. They sell the lists at £100 per thousand entries, and then you do not get to keep the data, you only get to use it for a single purpose.

Imagine how much money ContactPoint will be worth in this case. Once the data escapes ContactPoint, companies will rent it over and over in small parcels, with sets of data sorted by postcode, age single parent or not, you name it. It will be a license to print money, and the junk mail that families will begin to receive will be indistinguishable to the mail-outs that they already get; they wont even realize that they have been ‘ContactPoisoned’.

The only people who will be immune to all of this are the celebrity families and VIP families who will not be in the ContactPoint system “for their own protection”.

Now read this:

A £224m national database of all 11 million children in England, which is being set up in response to the murder of eight-year-old Victoria Climbié, is to be designed by Capgemini.

The national Information Sharing Index is due to be ready by the end of 2008. The database, which will cost £41m per year to operate, will include addresses and telephone numbers for children and their parents – and will enable social services and doctors to share vital information about a child’s health and education across local authorities.

The child database was recommended in a report by Lord Laming after Climbié was killed by her great-aunt despite having been examined by social workers, doctors and police.

The Department for Education and Skills awarded the contract to Capgemini under a long-term agreement between the two organisations which began in 2002 and which is annually benchmarked for value.

A fully-costed design of the technical architecture is due to be completed by the end of this year.

Silicon dot com

My emphasis.

No database will prevent crime. Full stop. The sad story above shows that even when the social services are in full contact the bad stuff still happens. It happens very very rarely, and ContactPoint is no proper response to this.

And finally, a good comment on this story:

Name: Anonymous

Location: Midlands

Occupation: IT Developer

Comment: Lets see now…

Server 2,000
Oracle Lic 1,000
DBA for day 1,000
CapGemini profit 223,996,000
========
Total 224,000,000

That’s how it works, is it?

Right on the money!

Heathrow to check fingerprints

Last Updated: 12:01am BST 21/07/2007

Terminal 5 passengers will have fingers and faces scanned, says Jeremy Skidmore.

Fingerprinting of passengers, a process that has irritated many visitors to the United States, will soon be happening on some domestic flights within Britain.

Domestic passengers departing from Heathrow’s Terminal 5, which opens in March, will have to give a fingerprint and have their faces scanned as part of a security check before take-off. The checks are being brought in because both domestic and international passengers will share a common departure lounge and there are fears that those arriving on international flights may be able to bypass immigration control by booking an onward domestic flight to a regional airport.

This is total insanity.

Firstly, whenever someone gets off a plane, they go straight from the plane to immigration, where they are checked. They should then go to a waiting room that does not physically connect with domestic flight passengers.

The architects that designed Terminal 5 (Richard Rogers Partnership) should be sued for extreme negligence; can you name me a single airport where domestic and international passengers are allowed to freely mingle in a unified departure lounge?

This is one of the biggest design blunders ever in the history of airport design, and now, passengers flying on domestic flights are going to have to submit to fingerprinting just to travel in their own country.

International passengers departing through Terminal 5 will be subject to the normal checks and controls but will not undergo face scans or have to provide a fingerprint. At Gatwick, which also has a shared departure lounge for all passengers, domestic travellers already have their photographs taken.

Did you know this?

A spokeswoman for Terminal 5 said the new fingerprinting systems were a way of taking security to the next level. “At the moment there are no plans for any other passengers to be fingerprinted, but it is the way of the future. We work closely with the Home Office on security issues,” she said.

This is just total bullshit. USVISIT has been a total failure, costing billions only to catch a few people (1500 out of tens of millions of people violated) who have outstanding parking tickets.

From this autumn, those arriving at 10 US airports, including New York JFK, Chicago, Miami and Boston, will have to give fingerprints of all 10 fingers, raising fears of increased delays.

Note how the delays is the only thing concerning this writer.

Bob Mocny, the acting director of the US-Visit Programme, which runs immigration security, said the new technology would improve safety

That is a lie, and it is demonstrated by the figures.

and, eventually, be a fast system. He said the same system would be introduced across Europe in the future.

And from what crystal ball did he glean this information?

However, the Home Office said this week that it has no plans to insist on fingerprints for incoming passengers.

They will not be able to justify it using the USVISIT numbers – they just don’t add up.

“We take fingerprints across 80 different countries from people when they apply for visas and have stopped 4,000 people from coming in,” said a spokeswoman.

That is a totally different scenario. It has nothing to do with fingerprinting EVERYBODY whenever they want to travel.

Recent improvements in security at Heathrow, Gatwick and Stansted include the introduction of flat scanners that can read the new biometric indicators in e-passports.

That is not an improvement in security, it is more Security Theatre.

Extra checks on passengers have been introduced following the recent attempted terrorist attacks at airports, leading to fears of increased delays for passengers this summer.

And none of them will be of any use. All of them are Security Theatre.

Telegraph

[…]

I have to say, that this is close to the most absurd and insane thing I have ever read. A firm of architects opts to create a single departure lounge with international and domestic passengers unsegregated, and as a result, to fix the problem, people flying inside their own country have to be fingerprinted like criminals.

This is absolute, complete, cant-make-shit-like-this-up INSANITY.

Architecture should serve the people who have to live work and go through it. By failing to segregate domestic and international passengers, not only has Richard Rogers Partnership failed to consider the dignity of passengers who are going to go through Heathrow Terminal 5, but they have failed to understand the brief.

Security at an airport, at a minimum means ensuring that immigration rules are followed. It means carefully considering the flow of passengers and their status. By failing to implement passenger flow correctly by creating a shared departure lounge, Richard Rogers Partnership has created a building that will not only fail to serve the people who use and pass through it, but which will violate and humiliate millions of people. It will serve as yet another way to soften up the people to the idea of regular fingerprinting for even the most simple of things.

This is one of the greatest architectural disasters ever.

Phishers go after two-factor authentication systems

By Eric Bangeman| Published: July 11, 2006 – 01:49PM CT

One of the problems with passwords is that they can be compromised relatively easily. While brute-force cracks are possible, it is much easier to convince users to willingly part with their passwords using social engineering. That’s how phishers operate, by tricking users into entering their passwords—along with other personal information—on convincing-looking but spoofed web pages. Once they have that information, bank balances shrink while credit card balances grow.

Two-factor authentication has been touted as a solution to the problem of users giving up their passwords too easily. One group of phishers is determined to prove otherwise, as a recent attack demonstrates.

On the surface, two-factor authentication is a relatively simple solution. In order to log in to a protected site, users must enter a password as well as a second bit of information. In the case of Citibank and a handful of other financial institutions, users are given a USB dongle which displays a passphrase or string of numbers that updates every 60 seconds. It is only when the correct password is paired with a valid passphrase generated by the token that the user is granted access to their account information.

A group of phishers operating out of a Russian website attempted to trick Citibank customers in the customary manner, by directing them to a lookalike website and asking for the usual personal information. As an added bonus, the phishers also asked for the passphrase generated by the token. Once they had both pieces of the authentication information, they would presumably then transmit it onto Citibank within a 60-second time period and go about their nefarious business. It’s a simple adaptation of existing methods: just add an additional field to existing forms and they are all set.

The phishing attacks demonstrates one of the weaknesses of two-factor authentication: it’s still quite vulnerable to “middleman” attacks. If a malicious site is able to pose as the genuine article, collect the necessary authentication from the unsuspecting user, and act on it quickly enough, it is not much safer than traditional password-only attacks.

Some banks and other institutions have already made substantial investments in developing and deploying two-factor authentication systems. The central theme in marketing the systems to customers is added security. Microsoft had even planned to natively support it in Vista, although that ultimately met the same fate as other features originally planned for its new OS. However, as the latest bit of phishing demonstrates, it’s not a cure-all. When used in conjunction with other antiphishing tools, it can be more effective. But as long as there are gullible users, no combination of security measures will be completely foolproof.

[…]

ArsTechnica

My emphasis.

As we know, password abuse in the NHS is endemic. Gullible or simply exhausted users will be tricked into revealing their passwords and token numbers, and then ‘Russian Hackers’ (the media’s latest bogeyman) will get in and start to copy ContactPoint entries, i.e. the private and sensitive details of children. This will be automated, so they will have a system to harvest accounts in place that will allow them to quickly create a working copy of the live ContactPoint database.

The US VISIT programme, which is intended to record the entry and exit of every visitor, is still not working nor is there any prospect of it doing so. While most of the the 300 air, sea and land “points of entry” are operating “biometrically enabled” entry records “comparable exit capabilities are not” said a report on the evidence presented to the US House of Representatives by officials from the Government Accountability Office (GAO): Homeland Security: Prospects For Biometric US-VISIT Exit Capability Remain Unclear Over the past 4 years $1.3 billion has been spent on the system.

The report says that:

“The prospects for successfully delivering an operational exit solution are as uncertain today as they were 4 years ago.”

The Department of Homeland Security is committed to providing exit records at air and seaports it has produced no plans or analyses to achieving this and:

“acknowledged that a near-term biometric solution for land POEs is not possible”

Even where biometrically enabled system were available at 11 air and sea pilot schemes:

“on average only about 24 percent of those travellers subject to US-VISIT actually complied with the exit processing steps.”

This was because compliance was “voluntary”.

The biggest long-term problem is the land exit schemes.

“According to program officials, no technology or device currently exists to biometrically verify persons exiting the country that would not have a major impact on land POE facilities. They added that technological advances over the next 5 to 10 years will make it possible to biometrically verify persons exiting the country without major changes to facility infrastructure and without requiring those exiting to stop and/or exit their vehicles.”

Indeed land exit capabilities are “being deferred to an unspecified future time”

The report’s overall conclusion is that:

“there is no reason to expect that DHS’s newly launched efforts to deliver an air and sea exit solution will produce results different from its past efforts—namely, no operational exit solution despite many years and hundreds of millions of dollars of investment. More importantly, the continued absence of an exit capability will hinder DHS’s ability to effectively and efficiently perform its border security and immigration enforcement mission.”

And what of the overall effectiveness of the US VISIT scheme? Last autumn the Acting Director of Homeland Security said that out of 63 million recorded visitors “1,200 criminals and immigration violators” had been denied entry – this report says the figure has risen to 1,500.

[…]

http://www.statewatch.org/news/2007/jul/o2usa-goa-exit-report.htm

You
Can’t
Make
Shit
Like
This
Up!

So they are counting people in, but not out? The exit system is VOLUNTARY?!

Look at the HUGE expense just to catch 1,500 people, all of them minor ‘criminals’. Use the Google to find out what we said about this before. This article demonstrates that the VAST MAJORITY of people coming to the usa are not in any way criminal. This means that they should never be treated as criminals. Period.

This is a monumental waste of money, a mass violation of people’s rights, and yet another example of ‘Vendor Hypnosis’. You can work out what that phrase means can’t you?

SHAME SHAME SHAME on the USA!

Whitehall officials strongly defend the security of the large centralised database that is being built as part of the Care Records Service of the National Programme for IT [NPfIT]. NHS Connecting for Health, which runs a major part of the NPfIT, points out that nobody can access it without leaving a trace in the audit trail. But who is going to police the audit trail in a busy NHS. And what if nobody polices it even if they’re supposed to?

This is what we have been saying all along.

Perhaps disciplinary action can be taken against misuses of the database, but by then it may be too late to protect the confidentiality of personal data. If the security at a local GP practice is breached, it will not affect huge numbers of files. But a national database will contain millions of records.

Precisely. And everyone who works on building this system knows this. You need to remove your data from your GPs computer as a matter of urgency. Lets say (for sake of argument) that the spine upload will be made from the latest backup set; if you delete now, long before the update, you will be left out of the upload.

This is one of the lessons of the lapse of security at the Department of Veterans Affairs. It is one of the few healthcare organisations in the world that has very large centralised and regional databases of medical records. So an apparent minor lapse of security can have major implications.

The disappearance of one external hard drive – the sort one can buy in PC World for about £100 – contained 1.3 million sensitive medical records.

In England a loss on this scale could not happen with a breach of security at a GP practice. But the NPfIT’s Care Records Service is due to store 50 million patient records.

Just like ‘Frances Stonor Saunders’ said, “These databases, which can easily fit on a storage device the size of your hand…”. All it takes is for one leak to happen for the whole system to be compromised. Now imagine trying to cobble together a database of all the NHS patients in the UK by compromising each GPs office one at a time. It would be hugely expensive, take years, and you would probably get caught. Thankfully the government is making it easy for criminals to get the job done; they are putting it all in one place for you!

The Department of Veterans Affairs had a general policy of ecrypting patient data so that if it were to go missing it could not easily be read. But the controls were not applied properly.

Even if they were encrypted, all that means is that a disc removed without taking the decrypting keys would be useless. A clever person would take the drive and make sure she had the decrypting keys too. It also doesn’t stop people copying entries on a ‘to order’ basis, something particularly sinister when you think about what ContactPoint holds: DATA ON CHILDREN.

Could the same happen in England?

Could? Lapses, leaks, abuse and thefts have have already happened in the UK. Use the Google!

a) In the NHS, password sharing is endemic and doctors do not always have the time to log on and off computers to protect the integrity of the system.

And there you have it password sharing is ‘ENDEMIC‘ : “characteristic of or prevalent in a particular field, area, or environment”. That means that it is in the nature of the NHS environment to share passwords. WHen they get a hold of ContactPoint access, they will not suddenly change their behavior.

b) If national systems are made too secure doctors and nurses will not use them.

Makes sense; in order for something to be useful, you have to be able to use it without having to think about it.

c) It’s unclear whether the Department of Health will provide enough funds to ensure that money and staff are available to police rigorously the audit trails of the Care Records Service, if a such a national system works.

Exactly. There are not enough people to watch the 330,000 people who will be making millions of accesses per week on ContactPoiint. Trying to find instances of abuse will be like looking for a needle in a haystack, and when we talk of ‘instances of abuse’ we mean paedophiles getting a hold of a child in the worst case scenario.

Perhaps these matters should have discussed openly and honestly before the NPfIT was announced in early 2002

Perhaps the whole idea should be scrapped? And by whole idea I mean the NIR, ContactPoint and the NHS Spine.

Computer Weekly

By DAVID KILLICK
July 13, 2007

HUNDREDS of British ID card holders have been told to cut up their ID cards and replace their fingertips after a security breach in Sweden.

Computer tapes containing ID card holders’ details nationwide were among items in a car stolen from a Swedish data processing company in May.

Many EU financial institutions are affected, but only some are notifying customers.

The National Identity Register has written to ID card holders this week warning them to cancel ID cards and to replace their fingertips.

“Your National Identity Register ID card details may have been compromised on or after May 25, 2007, due to a possible data breach in Sweden,” it says. “As a precaution your ID card needs to be cancelled, your fingerprints replaced and a new ID card issued.”

National Identity Register spokeswoman Marsha Cadman said fewer than 5 per cent of the UK’s 70,000,000 customers were affected.

No instances of fraud had been reported and the NIR was taking a precautionary approach, she said.

“This is not an issue our citizens should be concerned with. It impacted only a small number of citizens.

“Some other EU institutions on the mainland haven’t cancelled ID cards, they’ve just let it go, some of them cancel them immediately.

“We prefer to take the middle ground and say check the ID card, make sure there’s no transactions, and we encourage you to come in and cancel.”

EU commissioner for financial crimes Leanne Vale said there had been no reports the stolen data had been used in crimes.

“It’s a low risk event,” she said. “Our ID card system admins are very prudent and they will always err on the side of caution and will reissue ID cards, and contact ID card holders so they can replace their fingerprints and maintain a high level of interaction with their customers. Other identity institutions may not choose to do that.”

EU ‘ID Czar’ David Bell said banks were aware of the breach and were monitoring customers’ accounts.

NIR spokeswoman Pauline Hayes said ID card holders were not protected against any unauthorised purchases by a zero-liability fraud protection policy.

[…]

News.com

Note the new category; ‘Post Tipping Point’. This is shorthand for, “we are not going to link back to BLOGDIAL articles on this subject inside this post that you should already have read or should be able to find with the google”.

Here we go….

Watchdog seeks an end to ‘horror’ of personal data security leaks

Business leaders oppose stronger powers to investigate breaches

Phillip Inman
Wednesday July 11, 2007
The Guardian

Phillip Inman; you fail it.

Britain’s data watchdog sparked a row with business leaders yesterday when he called for more powers to confront companies that fail to protect personal information held on computers. He wants a new rule that would allow investigators to look at files without the permission of company directors.

His plans ran into immediate opposition from business leaders who said his request for increased powers were a heavy-handed response to the problem.

The information commissioner, Richard Thomas, said that a “horrifying” succession of data security breaches in recent years at high-profile companies – including mobile phone operator Orange, building society Nationwide and mail order retailer Littlewoods – had shown that many companies failed to understand the risks to their customers and to their own reputations of keeping vast databases without adequate security.

The fact of the matter is that Richard Thomas is a busybody beurocrat twiddling his thumbs in his office while the government puts together ContactPoint, which will be a database delivered over the internets, via browsers (read Internet Exploder) and available to 300,000+ people who will be authenticated by a username and password.

THIS should be his main concern. THIS is where he should be putting his ‘expertise’ to good use; to stop the greatest child protection disaster ever from being rolled out.

Instead, this anti-business Neu Labour aparachick loser wants to punish business, that people engage with voluntarily, for lapses in their security.

How pathetic.

Mr Thomas said giving him the power to conduct an inspection and audit to ensure compliance with data protection laws would allow him “to force the pace” and encourage more companies to change their behaviour. Now, he must gain the consent of an organisation before starting an investigation. He also questioned whether companies should be obliged to report data security breaches in the same way the banks are forced to report suspicious money laundering.

How about government agencies who hold data on citizens involuntarily being forced to submit to independent audits? How about obliging every government agency using a database being obliged to report data security breaches? This is far more important because the databases that the British public are forced into are just that, by force, they make it impossible or very very hard to get yourself removed from the most simple databases.

Did you know that your personal and private medical records are the property of the department of health and that if you want to get your records deleted from any of their systems, you have to have the written permission of the secretary of health to do so?

In the commercial world, where all your stuff is voluntary, you can reduce your data shadow considerably, by following some simple rules. For example, use an alternate name everywhere and anywhere you can. Use a pay as you go mobile phone. All of these things can be done, and you would be surprised at how friendly these companies are when you ask them about deleting your account. Businesses are more responsive to the needs of their customers than the government is, and frankly, Richard Thomas needs to get off of his ass and implement citizen friendly data practices throughout government, like an end to biometric passports, cancellation of ContactPoint, and of course, the complete cancellation of the NIR and ID cards.

“Over the last year we have seen far too many careless and inexcusable breaches of people’s personal information. The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying.

Whatever you scumbag. What is FAR MORE HORRIFYING are the numerous breaches of GOVERNMENT DATABASES (the ones that we know about) where insiders have leaked information, violated privacy, and just been plain incompetent; we have documented and dissected some of these on BOOGDIAL of course.

Wrong hands

“How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?”

Mr Thomas, who was speaking before the publication of the commission’s annual report today, signed a deal with the banks last year that effectively gives him access to inspect and audit their systems without permission. He extracted the concession after a series of high-profile breaches at prominent high street banks and building societies.

This is utterly outrageous. This man has no business going into a private company and auditing their security (which means of course, looking at all the accounts, finding out where the back doors are, so that even ‘security through obscurity‘ will not work). Anyone who knows about the systems used by banks understands that they are hugely complex, written in a variety of old and new languages; unless this Richard Thomas has expertise in these languages, and is given access to the source, he cannot possibly be able to audit the systems. Even if he did get access to the source, it would take years to audit it all, and the government does not have this expertise; that is a FACT.

That the banks have signed this agreement is also very very weird. I would like to read it….but I digress. Obviously they signed it to try and stop some new legislation coming into force. This is a bad, bullying bastard government.

In one instance, Halifax allowed details of 13,000 mortgage customers to go astray after the briefcase holding the documents was stolen froma member of staff’s car.

That has nothing to do with computers. No audit would catch this sort of insider blunder.

The incident came after Nationwide’s lax security procedures put thousands of customers at risk from fraud. A laptop was stolen from a long-standing Nationwide employee in a domestic burglary. The employee reported its loss and then went on holiday, but it took three weeks for the building society to realise that the laptop contained confidential customer information.

All this sort of event requires is the writing of guidelines, i.e., you do not put customer data on laptops. Ever.

Mr Thomas said a similar agreement allowing his inspectors access to companies in all sectors would prove to be more effective than spending the next few years painstakingly negotiating with each area of industry and commerce.

Richard Thomas is a moron. What this means is that anyone running a database (presumably over a certain number of rows in size) would be liable to one of these audits. Any company with even half a brain cell would immediately leave the UK for more sensible shores. There would be nothing that Richard Thomas and his army of ‘experts’ could do about it, and in fact, this is already happening. Banks, telephone companies (BT) have moved their data processing to India. When you get a call from an Indian call centre, they have your name, account number, date of birth, address and everything else they need to serve you.

There is nothing that Richard Thomas can do about it, and frankly that is a good thing. If Britain wants to become a business unfriendly zone, all modern businesses from LastFM to Orange will simply go elsewhere. Its all transparent to the user and the company, so why not? Why put up with these zealots and idiots and control freak morons who do not know the difference between what is public and what is private?

He said he also needed a more effective sanction where there are “flagrant, far-reaching breaches of the law”.

The ultimate sanction is a lawsuit, and customers leaving you. That is what you should facilitate. After you have cleaned up your own house.

Debt collectors linked to a financial services subsidiary of General Motors and private equity firm Cabot Square Capital were named in a court case this year over the illicit market in private information stolen from government databases.

And there you have it.

What I have been saying all along about copies of databases, illegal trading of data etc etc. and yet, this brain dead journalist cannot connect the dots and pull Richard Thomas up on the shenanigans that he is a part of, and the danger he is putting the 11 million children of Britain in.

Its is sickening, like watching an avalanche bearing down on you in slow motion as jabbering idiots throw snowballs at each other.

The commissioner brought a prosecution against a private investigator who was used by companies chasing vehicle hire purchase and bank debtors. The private investigator posed as another member of staff in telephone conversations in a practice known as “blagging” to gain access to personal information. The companies say they told the private investigator at the time not to break the law.

It is not called ‘Blagging’ you cretin, it is called ‘Social Engineering‘, and Kevin Mitnick wrote a very good book about it (which I have read) that everyone like Richard Thomas and Phillip Inmann should read. If they have read it, then double shame on them for not taking it seriously.

Mr Thomas said he was concerned that a market in stolen data was growing despite recent adverse publicity. “During a recent investigation we turned up at the offices of a private investigation agency and while we were there the fax machine leapt into life. It was a request from another firm asking them to find out if a woman had cancer. It also asked the agency to check a list of clinics to see if another woman had had an abortion.

This is astonishing. Does Richard Thomas really think that the underground market in stolen data is going to stop growing because of adverse publicity? And does he truly believe that if ContactPoint, the NIR and ID Cards are rolled out that this market will shrink?

Is he that delusional?

“In this instance we are not talking about a small misdemeanour. This is the illegal soliciting of personal information and the kind of thing that we need to investigate thoroughly.”

Bastardy mixed with ignorance. What needs to be done is to stop the compulsory aggregation of personal data into monolithic systems that are widely accessible by civil servants. That means no ContactPoint, no ID Cards and no NIR. Period.

But the CBI said enhanced powers to investigate alleged breaches of the data protection rules would have wider implications. “The nature of business is changing dramatically, so the way companies handle customer data is increasingly important,” said the employers’ body spokesman Jeremy Beale. “Some firms need to improve their data policies but there are no easy answers or silver bullets and the CBI wants a national debate to help identify where the responsibility for different aspects of data protection lies. By calling for the ability to inspect firms’ files without consent, the information commissioner is in danger of leading businesses into the very surveillance society he is heeding against.”

Exactly. And looking at files has nothing to do with laptops escaping offices or garbage being thrown out un shredded.

Mr Thomas said this year he was concerned that the vast amount of data being collected on individuals meant we were sleep-walking into a surveillance society. He said he lacked greater powers only because when the government translated the EU data protection directive into law it left out crucial elements. “The EU wants the government to give us the powers. Our experience tells us we need the powers,” he said.

Our experience, which is greater than yours simply through reading, is that:

• You people don’t know what you are doing
• You say one thing (protect data) and then do another (collect children’s details in an open system)
• You do not admit to data breaches, and take no responsibility for them
• You have no expertise in this area at all
• You have nothing of substance to offer
• You use this and every possible excuse to get into people’s private affairs

The Ministry of Justice is responsible for overseeing the Information Commissioner’s office. Yesterday it said: “We believe that the Information Commissioner already has adequate powers.”

Amen. What this dunderhead needs is TRAINING and EXPERIENCE in the systems he is trying to get to grips with, so that he can read and write best practice documents and then implement them INSIDE HER MAJESTY’S GOVERNMENT.

Don’t bank on banks to keep your secrets

For consumers who have been studiously shredding their old credit card statements and other sensitive data, the information commissioner’s move cannot come soon enough.

Despite repeatedly warning their customers to be careful about what they put in the recycling bin, several banks and other institutions have shown a disregard for their customer’s important financial data.

Two years ago the Guardian exposed how the Grand hotel in Brighton – bombed during the 1984 Conservative party conference – had thrown thousands of its customers’ credit card details, home addresses, and phone numbers in a skip outside its back door. Passers-by were helping themselves. We were able to ring up some of the former guests and read out their credit card numbers – to their initial bemusement, and ultimate anger. In some cases we even had their passport numbers. And the Grand was by no means alone.

The Grand Hotel in Brighton is not a bank, last time I chequed.

Since then, banks have been caught leaving bin liners full of customers’ details out in the street. Others have allowed staff to take unprotected laptops containing sensitive data home, which have subsequently been stolen.

In the usa there are now services that lock down your stuff and make it harder for thieves to use your accounts, should they get hold of your SSN. The market responds to these challenges and people are willing to pay for them. Like I predicted, ‘Dorian Grey’ services will begin to emerge onto the markets, where your identity will be shielded for a fee. You can do all your shopping and everything else you need to do whilst using an alternative managed and disposable identity. This will be the only way to keep yourself out of the legal and illegal databases, making you freer and more flexible.

A further concern was the case last year of Abbey’s call centre staff who were selling its customers’ bank details in an underpass near Bradford. In fact, this happens far more often than is realised because the banks always hush up breaches of security.

And what about the NIR, Identity Cards and ContactPoint you simple minded numbskull pinheaded journalist loser? Did it not occur to you, with that vivid image of people sneaking around in an underpass that this is the way perverts are going to trade ContactPoint data?

Honestly!

Sri Lankan staff in petrol stations recently perpetrated a £30m chip and pin fraud after they recorded details and then cloned several customers’ bank and credit cards.

Did that happen in Sri Lanka or the UK? Why mention the country that the bad guys were from? Nasty!

The government is another culprit. In one instance, temporary staff at the Child Support Agency were allowed access to one of the country’s three main credit reference agencies. The staff could ask for credit checks on individuals and get other personal financial information. To make matters worse, they were able to continue accessing the Equifax database for several months after their contracts ended.

That was a breach of Equifax, not a breach of a government database. Anyone can pay to get access to Equifax, so this example is totally bogus and garbage.

Next week HM Revenue & Customs is expected to announce that its tax credit system suffered fraud and error worth £1bn in 2005/2006. In its first three years the level of fraud and error will reach almost £3bn.

Irrelevant. Obviously Phillip Inmann has run out of examples because he actually doesn’t know anything about this subject, and also, cannot even use the google to find relevant examples. What a complete jackass!

So you are far more likely to be the victim of identity fraud because of something an institution holding your details has done – or not done – than you are from not shredding your documents at home.

The brain dead, computer illiterate, irresponsible, useless Guardian

[…]

What a pathetic conclusion. The majority of people do not suffer identity theft. That is a fact. It is also a fact that people in the UK are less vulnerable because there is no single identifying number attached to everyone’s name as there is in the USA, with their despicable Social Security Number. Britain is better off than the USA in this respect, and idiots like you keep failing to connect the dots and point this out whenever you get the chance. Don’t worry; there are many people who are doing your job for you, who actually know what they are talking about, and in fact, they have had a bigger audience an influence than any of your lackluster articles have had.