…but, having read three different people write recently that British ‘Bloggers are united in their opposition to ID cards, I’d just say that I think they will be rather handy actually. I’d like my medical data stored on mine too, if that’s okay with everyone.
Not only can I see no sound principled case against them, but, having applied for a new passport online this morning, I’ve changed my mind about the likely cock-ups and suspect that, after a couple of years of bugs and “DAVID BLUNKETT’S DOG STOLE MY IDENTITY” stories in the tabloids, they’ll work shockingly well. It’ll be a bit like London congestion charging, but not so slick. And, of course, they’ll cost an absolute bloody fortune, but only in a Keynesian, men-digging-up-and-filling-in-holes kind of way. I’d knock up a “Yes2ID” button for people to put on their sites, but it’d be pointless—unless Tony Blair starts a ‘Blog.
I’m not making a case here (except against groupthink); I’m just putting my opinion on the record because it’s going to be my biggest “I told you so” for quite some time. It’s worth noting that the ‘Blogosphere’s undisputed king of banging on at tedious length about how the advent of ID cards will immediately cause the Earth to plunge into the Sun, destroying all human life but for a tiny community of Cambridge scientists sharing a deus-ex-machinon powered starship with Stephen Hawking, has turned out to be spectacularly wrong about chip-and-pin cards already. Coincidentally, one of Chris’s ancestors, Vivian Sid Barrett Lightfoot, was the man who calculated that human beings would suffocate if they travelled in trains at speeds over 40 mph.
You’re not alone in this Pootergeek.
Paul Anderson agrees with you broadly. And he claims to be a bit of an anarchist.
http://libsoc.blogspot.com/2005/06/id-cards-id-schmards-paul-anderson.html
The thing is, The Man already has access to all of the data that he would want to have about you. He also has the capacity to collate it if he wants to (you never will be able to do this unless its done for you). And it would be a waste of time for you to try and assert your rights (what rights?) to not have that information used in ways you don’t want to.
If you could use an ID card to definitively access all of the relevant data about yourself, I think it would be possible for a class action to be taken that would allow us to assert some rights to limit the way it is used.
Like you, I’m agnositic on the overall subject, but I think that that we always end up listening to the most paranoid construction that can be put on something like this.
There is something very odd about all these people with digital footprints the size of The Isle of Wight worrying about their privacy.
Still, I suppose they have to have something to rail against, and it keeps them off the streets.
The argument that a future totalitarian government of the UK, presumably the BNP or the SWP/RESPECT, would exploit an ID card is risible. Is Lightfoot suggesting such a government would be incapable of introducing one? The anti-ID card argument is no defense against a future totalitarian government at all.
In fact, given that the ID card is being put forward as a means of combating a totalitarian threat, Lightfoot should be behind ID cards.
I’d have one; I have concerns about the implementation though.
Government + IT = expensive fiasco.
I long for an ID card so I won’t have to carry around my passport in lieu of the driving licence I don’t have.
…I can sense the audible sighs of relief as I tell you that I’ll be disappearing somewhere without PC access for the next month. Yes, at last Reality TV fame beckons for me:
http://rswipe.blogspot.com/2005/12/roberta-delight-at-new-urban-jungle.html
And don’t say I don’t deserve it!!!!
See you in a month or so,
xxx
Roberta
Yes, I’d like an ID card (and I love the idea of some bored civil servant tracking every detail of my life in the same way that I long for some high official to intercept and read my e-mails – partly because the recipients so rarely seem to do so). What do the anti lot have to hide – is it perhaps that their lives are rather dull? Or is it the “my enemy’s enemy is my friend” syndrome? – Labour (especially Blair (never Mr Blair to his detractors)) wants to do it, Mr grumpy is a Tory / Lib-Dem / Green / former Labour minister / Anarco wossname / none of the above therefore Mr grumpy opposes it?
But then I’m not a blogger……
Tend to agree, and blogged about it sometime last year (too idle to night-butterfly the link). The amount of heat generated by this seems disproportionate given all the other ways They have of Getting You (or would have if They were more competent), and given all the far more important issues in play these days.
“Papers please.”
The dreaded phrase made Damian shiver. At last his turn had come. The Social Policeman looked pleasant enough as he extended his hand for the ID card, but the other tapped his taser in a meaningful manner.
“What’s the trouble officer?” the blogger extemporised. He wondered if it was something he’d said. A reference to religion perhaps, or an anti-social remark?
“Just a random check, sir,” said the SP briskly. “Now if you’d just swipe your card through my Watchdog, you’ll soon be on your way. Unless of course you have something to hide?”
Damian’s hand trembled as he thrust the card into the slot of the Watchdog. Had he missed someone’s Christmas present? Snubbed a Jehovah’s Witness?
The officer shook his head as he checked his screen. “Oh dear. It says here you’re wanted for subversive use of an internet cafe. I’m afraid you’ll have to come with me.”
Why on earth did I think these cards were a good idea? wondered the hapless blogger as the plastic cuffs were snapped on. But of course, no one could have foreseen the coming to power of the Sensible Party …
“
It is a card that identifies you, quite simple really. If you checked your credit records (and you do have them, even if you’ve never made use of a credit / store card facility) they already have almost all of your information , even down to addresses that you were ‘linked’ to, that is, you weren’t even ‘registered’ as living there, just lodging with a family member or friend for a while. If they have all of this anyway, what’s the big deal about having an ID card, it doesn’t mean they’re going to have anything new ‘on you’. If a criminal is going to steal your identity, they can do that already – no need for an ID card to do that.
Also think people should stop all the hoo hah about the political side of it. It’s not political, it’s functional. If you have issues with an ID card, you must also have issues about having a passport, so what then – down with the passport too? ooh, I quite fancy popping over to some or other country for my hols. Don’t need ID for that, no, I’ll just tell the nice man at the gate that my name is Bob and I’m from the UK. It’ll be a breeze, nobody needs to know who I am. Quite fancy going to get a £300 000 mortgage, so I’ll just pop down to the bank and ask them to give me the money – preferably cash because I obviously wouldn’t want anybody to know my bank account details, after all, that’s personal information… which reminds me, I must quickly go pick up my salary in the envelope under the stone outside my office.
I’ve never had a problem with ID cards per se, but I’m against the database, the compulsory recording of biometric data, and the privilege of being charged an extra three squillion quid for my passport when it’s up for renewal. I also think that moves to make crime detection easier tend to stop the police bothering with prevention quite so much. That’s what’s happened with CCTV.
There’s also a problem with the Government’s confidence that the card will be unforgable. That confidence will cause serious problems.
If you have issues with an ID card, you must also have issues about having a passport
Of course you must because they’re exactly the same. For example, you aren’t allowed to not have a passport and you must carry it with you at all times.
(Or else promise you will pop into the police station within the next seven days to show it so that they can detain you for 90 days to prevent you bombing the tube tomorrow.)
IN a free, democratic country, individuals have a right to personal liberty and do not require an “identity”. I exist, I’m here, what’s it to you?
[…] Much as crazed libertarians holed up in aluminium-coated geodesic domes on Dartmoor with bowie knives between their teeth would like it to be otherwise, my ID card post says nothing about compulsion to register or to offer papers on demand. I oppose both of these, neither of them are part of current legislation anyway, and neither of them stand an eclair at a health farm’s chance of getting past The Great British Public. I just think it would be convenient to have a reliable, all-purpose, and legally weighty form of identification to hand and, in itself, if the state makes such ID cards available I feel no threat to my rights. […]
Sorry, didn’t see this before. You’re measuring the wrong thing re. chip-and-PIN — the thing that is likely to matter to the consumer, and certainly the thing that bothers me about chip-and-PIN, is the probability of being a victim of fraud and not being compensated by the bank (or the expected loss, or some other statistic of that distribution), not the total losses to fraud by the banks. By contrast, the banks’ measure of card fraud is based on the amount they lose in paying out compensation for fraud, which is what your link reports. These two measures are independent.
Obviously the banks can try to adjust their losses to card fraud by changing their willingness to pay out compensation (for instance, in this case, by attempting to transfer liability for card fraud losses to vendors, and refusing compensation in cases where a fraud was effected through knowledge of the PIN). This is basically the same as the gag with “phantom withdrawal” ATM fraud: by pretending that frauds did not take place (even, that they were impossible) and so refusing to pay out for ATM fraud, the banks were able to pretend that it was a non-problem; naturally the consequences for individuals who’d suffered from ATM fraud were extremely unwelcome. (In fairness, it appears that the banks were trying to cover up the phantom withdrawals problem not out of simple meanness, but because they feared that publicity about security problems in the ATM network could lead to a collapse of confidence in the banking system, and the only alternative was the unreasonably expensive one of actually fixing the problem.)
As for “spectacularly wrong”, well, the substantive prediction I made — that people will copy the magstripes from credit cards, and then use the copies to steal money from ATMs — appears to have been proven right (here’s an example which illustrates several elements of the problem). Chip-and-PIN makes it much easier for the attacker to obtain a victim’s PIN, because they are now obliged to enter it whenever using their card, into a variety of terminals with no way to tell whether any individual one has been modified to record the PIN for later re-use.
Good genealogy work, though.
Chris, I am probably even more skeptical than you are about the reliability of large software systems, but you and I both know that the overwhelming majority of “phantom withdrawals” are the result of people giving their PINs to their “friends” and relatives. If the banks were as picky about their customers’ legal obligations to them as you are being about the banks’ obligations to their customers then they would sue about forty percent of them tomorrow for breach of contract.
Your objection to chip-and-PIN on the grounds of a tiny number of unsatisfactorily resolved cases of card skimming is equivalent to objecting to mass vaccination on the grounds of isolated cases of anaphylaxis. As you yourself acknowledge, retail security has far less to do with technology than it has to do with social engineering. You’ll learn a lot more about stealing with credit cards by working in Tesco than by studying cryptosystems. (I love those people who toss signed VISA stubs into the street, but are afraid to shop online.) I have plenty of friends who’ve had their cards ripped off in the past and not one of them has had to pay a single penny of the losses. Of course, it’s not the individuals who pay those losses; it’s all of us.
There is an implicit agreement we make with our financial service providers about the level of hassle we are prepared to accept in return for their keeping our money “safe” for us and I suspect that most people would tend more towards convenience rather than the explicit indemnification you seem to think the priority. But, if you want to object to your bank’s terms of service (which seem to be what your argument is really about, rather than banks’ hype about chip-and-PIN) then move to another bank. If you want to object to the introduction of chip-and-PIN technology then move to another bank. There are plenty of no-card-access accounts available. Most customers who choose their accounts well and manage their contents sensibly do rather nicely out of their banks (or rather they do nicely out of their spendthrift peers)—especially the relative looseness with which many banks interpret their terms and conditions in their customers’ favour.
I used to have a current account with a lousy bank so I changed and I’ve never had a problem since. Most Brits can’t be arsed so they get the banking they deserve. (Somehow many retail banks in the US are worse!) Banks aren’t there to provide a community service or to please us ‘Bloggers of course. They’re there to make profits. Your aim should be to minimize the proportion of your income the bastards skim off, but the market leaves you free to inconvenience yourself grossly for fear of an infinitesimal risk.
Chip-and-PIN reduces the contribution that human stupidity and laziness make to fraud. Given that most fraud is performed by stupid and/or lazy people upon stupid and/or lazy people, the net result is less fraud. (Smart people take from you legally by working in financial services.) In aggregate, the technology is currently saving us all money and, individually, I would argue that it is making it more likely that our banks won’t hold us liable if someone tries to take our own. That, I suspect, is our main point of disagreement. I can control my own security practices, but I can’t control those of most of my fellow account holders so, having worked in Tesco and never knowingly worn a tinfoil hat, I prefer my bank to give them chip-and-PIN cards to play with.
Bad analogy. There are two obvious reasons for having a vaccination despite any costs and risks of doing so: either to protect myself or to contribute to “herd immunity” in the population as a whole. But that doesn’t apply here: having a chip-and-PIN card exposes me to new risks without any corresponding benefit to me, and nor does my having one reduce the risks of fraud on other people’s cards. Unlike a vaccination, there is neither a direct benefit nor a herd immunity effect.
Very briefly, there are two problems with the scheme: firstly, an unauthorised PIN entry is harder to repudiate than a forged signature — note that banks are still claiming that,
which does not inspire confidence — and the banks are likely to exploit this fact to deny people compensation in some cases, as in the case of ATM fraud; and secondly, the use of chip-and-PIN creates lots of new ways (both “technical” and “social”) for a card and PIN to be compromised, increasing the probability that the first will happen. Remind me what the advantage to me of having one of these cards is supposed to be?
Once chip-and-PIN is fully rolled out I expect anybody interested in a career in credit-card fraud to figure out workable attacks, and be able effectively to exploit them, fairly swiftly; and I expect that this will be followed by silence and/or denial from the banks until pressure becomes overwhelming, as in the case of “phantom withdrawal” ATM fraud, even the possibility of which was categorically denied for years by the industry.
As for,
Somebody who (for instance) fraudulently obtains my PIN and card and takes money from an ATM has stolen money from the bank, not from me, and I definitely don’t want my bank to pretend otherwise!
You’re right, however, that our difference of opinion probably comes down to (in effect) a difference in utility functions — I value reducing the risk of losing a large sum of money much more than I value the £2 per year or whatever I would save if your quoted ~£60 million/year reduction in compensation paid for fraud is sustained and the saving was passed on to me as a cardholder.
You are choosing to interpret my phrase “your objection” to mean “your personal objection”. Since most of my comment addresses the question of a savvy bank user’s costs and benefits from the arrival of chip-and-PIN it is a fair analogy.
Criminals attack the weakest. Even if I accept that chip-and-PIN will generate a larger number of new crimes (I don’t), if others are lax in their use of chip-and-PIN they will be ripped off in preference to people like you or me who will be careful—reducing your relative risk of being a victim in the first place. I’d say it will reduce your absolute risk, if only because, unlike other methods, your card is a great deal more likely to remain in your sight throughout a transaction. The only time I have ever had one of my own cards ripped off is when I allowed it into the back room of a dodgy New York restaurant. (And anyway vaccination does not guarantee an individual protection against a disease.)
The question of “herd immunity” is one, again, that we will simply have to disagree on, but that is the final argument of my previous comment. For someone who believes what I do about the efficacy of chip-and-PIN in reducing fraud, then the analogy stands up. For you, it doesn’t. Experience has shown over and over again that when one kind of crime becomes generally more difficult, criminals do not try harder to overcome that difficulty, they just find other, easier crimes to commit.
So what? Record companies claimed for years that CDs gave perfect reproduction and were indestructible, but they still replaced ones that turned out not to play after you’d got them home, no questions asked.
And, as I pointed out in my previous comment, the banks treat most cases of fraud in which victims have effectively handed keys to the bank over to someone known to them as being the bank’s own fault. You can’t have it both ways.
Throughout your complaints about this technology you have elevated a tiny minority of cases reported on the Web over a huge number of cases that all of us have direct experience of. And, just as with ID cards, you repeatedly cite horrors that theoretically lie in wait:
It’s somewhat frustrating trying to have an argument with someone who answers direct experience of current and past events with hypothetical claims about the future. Never wrestle tinfoil hat-wearers: you might knock their protective headgear off during the fight and they can then use the advice given to them by the voices inside their heads to defeat you.
Even if I shared your belief in the effectiveness of the technology, this wouldn’t be analogous to “herd immunity”, because that would require that the risk of others becoming a victim decreases if I adopt the technology. Whereas, were chip-and-PIN actually beneficial to the individual punter, then their interests would be quite the opposite — far better to have others still using the old, “less secure” system, so as to divert crooks away from them; as you say, the crooks “attack the weakest”.
Yes, but as I say, chip-and-PIN enables a whole selection of new replacement crimes (see, e.g., this, though most of them are pretty obvious). Moving to chip-and-PIN would expose me to those new risks, plus the repudiability one I cite.
Alright then, what are the probabilities of banks refusing compensation in each case of (1) phantom ATM withdrawals; (2) CNP fraud; (3) “CP” fraud? I don’t know — and I don’t think anyone’s tried to measure this — but the consequences for individuals in the cases that we do know about appear serious enough that even if the probabilities themselves are pretty low, it’s worth taking measures to avoid those risks.
Well, the claim is that “banks will continue in the future to behave as they have done in the past”. Unreasonable? I don’t think so.