Robin Wilton's esoterica

       
 

A couple of energy-emission stories...


Lubomir blogged yesterday about Fidel Castro's prohibition of light bulbs with a wattage higher than 15w. I have to confess, my initial reaction was to snigger, but the more I thought about it, the more I concluded that I've heard many dumber ideas, most of which would not result in a 75% energy saving (assuming the average light bulb is a 60w one...). I do try to use those low-wattage energy-saver bulbs wherever possible, because for all its ingenuity I can't help feeling that the incandescent bulb is a technology which ought by now to have passed on...

Apologies to Edison and all that, but I do wonder what the reaction would be if someone came along today and said "I've invented a great new source of light; the snag is, it comes in a glass container which is incredibly fragile, and the working part is an even more fragile metal filament which you heat so much that it glows. That means it has a built-in obsolescence measured in months, but hey, what are all those drawbacks compared to instant light?".

The second story is in today's New York Times (may require free registration to view full story). 9 US States have agreed to co-operate and first freeze, then cut power station emissions over the coming years. Now, some of you may say "there you go, it proves that the system works: no need for a Kyoto protocol". My own reaction was "Thank goodness there are administrators smart enough and brave enough to take the initiative like this, and not cave in to the Bush propaganda about 'no proven link between energy consumption and global warming'".

Unlike the 15w light-bulb example, further reflection did not lead me to change my initial opinion on this one!

 
 
 
 

35mm film - an interesting fact


The first 'proper' camera I ever had was an Olympus OM-1 35mm SLR. I bought it in the late 70s and still use it regularly. A couple of years ago I finally went digital, and bought a Sony Cybershot; since then, I have tended to use that much more than the SLR. I find the image quality acceptable, and it's so much easier (and cheaper!) to display a digital photo at full-screen size than it is to get a negative printed up to the same size. It's also a lot easier to zoom/crop and otherwise generally 'improve' a digital original than a 35mm one.

So for one reason and another, I had never heard of "DX-coded" film until yesterday. Next time you look at a spool of 35mm film, you might notice that it has a band of black and silver rectangular markings along the casing. Those (I now know) are a DX code-mark. Pending upload of a photo, here's a rough sketch of the pattern I'm talking about:

[Image: DX-film]

The silver rectangles are conductive and the black rectangles aren't. The conductive patches are used (by cameras more modern than my 30-year-old OM1!) to detect what ASA/DIN rating the film is and how many exposures it has. That data is then used by the camera to adjust exposure settings accordingly and tell you how many shots you have left. If your camera is DX-capable you should be able to see a row of little metal contacts in the place where you load a new film spool.

So, no more occurrences of that awful sinking feeling when, having just taken some fabulous pictures of an unrepeatable event, you glance down at the 'film speed' knob on top of the camera and realise you haven't reset it since that roll of 2000 (or 25) ASA film you tried out a couple of months ago. Live and learn, eh?
 
 
 
 

The role of 'presence' in the virtual personality


A short follow-up; in subsequent emails with Jaco Aizenman (see previous post), he clarified that in his concept of a 'virtual personality', the 'presence' attribute does not, indeed, imply identity. I think that's the right way to go. In that respect, the virtual personality (vp) concept has a lot in common with what I've seen described elsewhere as a 'persona' (see Day One of this blog, too...); the vp is a way for the user to control what data about them is exposed online in any given interaction. Obviously, one possible use of such a function would be to protect the user's anonymity where that was desirable; so it's good that in Jaco's schema, an assertion of identity is not a pre-requisite or a corollary of an assertion of presence.

Does 'presence' imply 'identity'?


I know there's already been some dialogue about this question, notably here, in Pat's blog entry and the subsequent comments, but it has surfaced again in some work Jaco Aizenman is doing to define the virtual personality, and I had a thought...

Here's what I think is a good analogy for location versus identity: think of a basic radar system. The little green blip on the scanner tells you that there's something out there, and also gives you its location (well, in a couple of dimensions). It doesn't give you any identity information, except to the extent that if you can see two blips, they are probably not the same object. (Conversely, if you can only see one blip, it could represent two or more co-located objects and you might be none the wiser.*) An assertion of presence is not necessarily an assertion of identity.

Now think of a more modern air traffic control system, which aggregates radar blips with the data received from transponders on the planes. In this case, you get assertions of presence but also identity data (the call-sign or whatever of each transponder). Even if two or more planes appear as only one 'blip', you can still distinguish between them, but not on the basis of their presence data. In this case you are getting some attribute data (presence) supplemented by some credentials (call-sign). It's the latter which provides an assertion of identity.

* Piece of trivia: did you know that while writing "Red Storm Rising", Tom Clancy had some exposure to the PC naval warfare strategy game "Harpoon"? Someone noticed that two warships sailing close together in the simulator sometimes looked like just one ship on the radar plot, and this ruse made its way into the book as two naval commanders use it to fool the enemy. It's a long time since I read the book, though, and I can't remember if I found that out from the preface or some early Harpoon website.
 
 
 
 

Going out in style


It's now six months since Hunter S. Thompson died, which wasn't a very auspicious opening for my blog - but how could I hold that against the Godfather of Gonzo? It has sometimes occurred to me to wonder what it would take to make a good send-off, but I don't think I ever came up with anything which included Johnny Depp, a couple of million dollars, a 250-foot tower and a cannon. Then again, my instincts do tend to lead me to aim lower than Hunter ever would have. The coverage also mentioned how he would want to be remembered; with the clink of ice in whiskey. Now that, I can manage. Some Booker's 62.45% small-batch bourbon, specifically. Here's to you, Hunter.

The Analog Hole...


Jonathan Schwartz' most recent blog entry raises several themes which have the potential to define the IT landscape of the coming months and years. One is the well-worn topic of digital copyright and rights management. I'm not going to rake over those coals... the opposing viewpoints of content-users and content-publishers have been extensively explored already. However, I would like to say that I can understand the viewpoint of the media company CTO Jonathan was talking to. From that CTO's perspective, published digital content is the asset of his corporation, and he wants to protect it throughout its lifecycle. If he can't protect it, he can't exploit it... and whatever your views of the economics of the media industry, that's his business. I'm not underestimating the scale of the problem he's faced with, but I suspect the solution is more likely to be commercial than technical. If there's an 'analog hole' - that is, a point in the content lifecycle at which digital protection becomes unrealistic, then maybe the business model has to be predicated on revenue up to that point. Similarly, I'd turn the question around to Jonathan... Sun's key assets are information assets, and an awful lot of those are online. We take a lot of trouble to determine who is requesting access to what, and a corresponding number of our products and solutions have the same objective. Yes, the software model is moving towards "free and freely distributable" in many areas, but software is only one way in which IP reaches the daylight. In terms of the 'analog hole', there are some things Sun can do to protect its assets when they are not online (when they are in someone's head, or realised in some other way). The fact that that doesn't cover all Sun's assets doesn't mean we should give up on digital protection of online IP.
 
 
 
 

The value of human life... a differential analysis


OK, I accept that these are unrelated cases in different jurisdictions with very different cultural expectations about compensation, but nevertheless, this gives me cause for reflection. Two recent incidents involving the loss of human life, the shooting of Jean Charles de Menezes and the Vioxx case of Robert Ernst, have given rise to news stories about compensation figures. In the Menezes case, the Metropolitan Police is said to "strongly refute" any suggestion that an offer of $1m compensation has been made to Mr Menezes' family. In the case of Mr Ernst, his widow has been awarded $253.4m in a punitive settlement against Merck, the manufacturer of Vioxx. Both men had a reasonable expectation that they would not be killed by the organisation in question; one providing a painkilling drug, the other responsible for law enforcement and public safety. Neither man was doing something which they reasonably expected to put them in mortal risk. If anything, 27-year-old Mr Menezes had a greater reasonable expectation of future lifespan than 59-year-old Mr Ernst. So who decides that one life is worth $250m and another life is worth $1m (or not, if the UK compensation story really is baseless...)? It's all very odd.
 
 
 
 

Update on Statcounter


Interesting. The hits recorded by Statcounter are currently running at a little over 10% of what blogs.sun.com says is happening. I'll keep the Statcounter running, though, as it provides a different level of data. If anyone has ideas about why there could be such a difference between the two statistics, please drop me a line...
 
 
 
 

New Hit Counter - privacy statement


Starting today, I will be experimenting with a "Statcounter" counter on my blog (it's near the top of the right-hand sidebar).

Statcounter home page

I'm doing this for a couple of reasons: first, the default blogs.sun.com counter gets reset overnight US Pacific time, so I never actually know how many visits I got in a given day. Second, I'm conscious that there are now sometimes a couple of thousand of you out there who stop by to read what I've written. That's a pretty strange experience in itself, but I also find it a very one-way traffic. I know little about who you are, why you visit and what you think. I'm curious to get a rough idea of where my readership comes from...

However, given the nature of my work, I think you would expect me to be sensitive to the privacy implications of using a counter service like this, so here is the information I think you should have.

The Statcounter service makes use of cookies to record whether you are a returning visitor or not. I will quite understand if you decline to allow my cookies on your machine.

I have read Statcounter's privacy policy statement, and am comfortable with their assurances that they will not pass stats data to any third party, and with their anti-SPAM policy. They password-protect access to my Statcounter account, and I add my assurance that I will take such steps as I am able to ensure that it stays confidential. I have declined the option to allow others to access the stats data for my blog.

I also give you this personal assurance: I will use the stats data only to get a rough idea of the make-up of my readership. I will never store or trace back any 'referrer' URLs, IP addresses or other identifiers which appear in the stats. If I become concerned that too much identifiable data is being stored in the stats logs, I will take such steps as I can to reduce and/or dispose of it.

If I get substantial feedback from you about data privacy concerns in this regard, I will consider cancelling my use of the Statcounter service.

Finally, I know this blog entry will get pushed down the stack as time goes by, so if you click on the "What's this?" link next to the counter, it will take you to a permanent copy of this privacy statement.

I hope you find this acceptable; please let me know if you have any comments, questions or protests!

With best wishes,
Robin Wilton

Identity Theft - "dialogue in progress..."


My blogmates Mark G. Dixon and Rohan Pinto have got a good dialogue going on about the whole question of the 'chain of trust' from authentication through authorisation to service provision. There is clearly some further progress to be made in our industry, around concepts like multi-factor authentication, multi-factor authorisation (remember Lance Piper's description of a Google-like 'trust trawler' to back up authorisation assertions?), and perhaps even turning Zero-knowledge proofs from Rohan's working example into mainstream technology.

Most of these focus on the technical aspects, so it is good (and I hope not surprising) that the Liberty Alliance is also looking at the other pre-requisite areas. At the Dublin sponsors' meeting in April, the Alliance members formed a Special Interest Group (SIG) on ID Theft, and in Chicago in July it hosted an open workshop on ID Theft with participation from bodies such as the US Justice Department, the Cyber Security Industry Alliance (CSIA), the Anti-Phishing Working Group (APWG), the Burton Group, Purdue University and many others (apologies if I didn't mention you!).

The SIG brings together a wide range of vendor, industry and public sector viewpoints, and is looking at the legislative, regulatory, enforcement and best practice aspects of ID Theft prevention, not just the technology. As far as I am aware, it is the only such collaborative consortium taking so wide-ranging but pragmatic an approach. I don't think I'd be giving away trade secrets if I told you that the SIG is fairly close to publishing its initial thoughts (once the rest of the Alliance has had a chance to comment), so 'stay tuned'/'watch this space'/'your cheery cliché here'...
 
 
 
 

So, it really is a load of Boswelox(tm) ...


Hmm. I know I'm not the first to find the L'Oreal trade name 'Boswelox' somewhat risible, but now, in response to criticisms from the UK's advertising regulator, L'Oreal have agreed to modify some of the claims they make about this wonder-cosmetic. So they haven't discovered the Fountain of Youth after all. There must be something about that quest which attracts the differently-named: in my immature youth (with apologies to my Hispanophone friends) I found the name "Ponce de Leon" somewhat risible too. ;^)

"Collateral damage" - was Truth the first casualty?


Very disturbing news has started to emerge about the shooting of Jean Charles de Menezes, the Brazilian resident of London killed by police on July 22nd. (See also my blog entry here.) Here are links to three of the reports from today's media:

BBC News online
The Guardian newspaper
The Times newspaper

As before, I have to qualify this: this information comes from leaked documents allegedly describing evidence given to the Independent Police Complaints Commission enquiry into the shooting. Naturally, as that enquiry is still in progress, neither the IPCC, the Home Office nor Scotland Yard will comment on the leak.

If you remember, the information which was given out at the time included the following factors cited in support of the shooting:

1 - He emerged from a building which they had under surveillance in the wake of other recent attacks;
2 - He was of generally "Mediterranean" appearance (and yes, I know, neither Brazil nor Pakistan are Mediterranean countries...);
3 - He was wearing a padded jacket despite the warm (for the UK) weather;
4 - He ran for it when challenged, heading down into the underground and onto a train.

And I noted at the time that...

These factors now seem to have the following explanations:
1 - coincidence
2 - he was Brazilian
3 - unclear (perhaps see 2...)
4 - his visa had expired.

Since that time, Mr de Menezes' family has denied that his visa had expired, casting doubt on the question of whether he had a strong reason to want to steer clear of the police. Disturbingly, the leaked documents and supporting photographic/CCTV evidence are now also said seriously to undermine this and the other factors cited.

1 - Although he emerged from a building under surveillance, the officer who should have been in a position to identify him as a suspect (or not) was 'taking a leak' at the time;
2 - The "armed team had been given photographs of alleged bombers, yet no one realised that Mr de Menezes bore no resemblance to them" (from the Times article);
3 - He was not in fact wearing inappropriately bulky clothing;
4 - He apparently entered the tube station calmly and normally, and was already seated on the train when challenged and shot. He didn't 'vault the ticket barriers' but used his season ticket in the normal way.

Clearly the full truth has yet to come out, and that raises three critical questions:

First, how can the IPCC evidence be so damningly at odds with the version originally put out by the police?

Second, what effect will this have on public faith in the enforcement of the even more stringent anti-terrorist measures recently brought forward by the UK government?

Third, what are we to make of the catastrophic failure in operational control, if the leaked details are accurate?

Remember that, in the context of the London bombings on 7/7 and the attempted bombings on 21/7, the argument being put forward was that "if a suicide bomb attack is imminent, the bomber has to be incapacitated at once". Thus the repeated shots to the victim's head.

But here's the real nub of it (from the Guardian article):

The IPCC investigation report states that the firearms unit had been told that "unusual tactics" might be required and if they "were deployed to intercept a subject and there was an opportunity to challenge, but if the subject was non-compliant, a critical shot may be taken".

Note the phrase "an opportunity to challenge". According to the leaked reports, Mr Menezes was shadowed onto the train by an undercover officer, both of them took seats, and then an undercover officer 'guided four armed officers onto the train'. Mr Menezes was physically restrained and then shot.

As I said originally - I would not want to have to make the decisions which those officers made on the day; however, this account is inconsistent with the version we were allowed to believe at the time. There does seem to have been "an opportunity to challenge", and this calls into doubt whether the apparent threat was so immediate as to justify immediate incapacitation. As I say, the truth clearly is yet to emerge, but this episode, however I look at it, leaves a foul taste in the mouth.

More on "Authorised Signatures"...


Back at the end of July, some comments on my 'authorised signature' peeve reminded me of a credit card prank I had seen somewhere on the web. I have now been able to spend a little time ferreting it out again and can proudly offer you the excellent work of Mr. John Hargrove, a.k.a. Shamu, Zeus, Mariah Carey... well, follow the links and you'll get the full picture.

John Hargrove's Credit Card Prank, Episode 1
John Hargrove's Credit Card Prank, Episode 2
 
 
 
 

Of Egg Sandwiches and Outsourcing


It's hard to find a winner in the increasingly protracted saga of British Airways and their outsourced inflight catering company, Gate Gourmet. If you haven't been following this story... Gate Gourmet recently laid off some 670 workers in a restructuring exercise, leaving BA with no food to serve on their flights, which for a long-haul passenger is quite a big deal. BA had to suspend long-haul flights for a couple of days. Then their baggage-handlers at Heathrow walked out in sympathy, adding to the chaos last Thursday. The airline, which should by now be wondering whether outsourcing is such a great idea after all, looks like losing about £40m in direct costs, and has a lot of pretty disgruntled customers. And if you're currently having a bad day, consider this (6 days after the strike blew up...): "British Airways says that 155 people remain stranded by the strike. A BA spokeswoman was unable to say how many of these were at Heathrow and how many are in other destinations around the world." Gate Gourmet says that it needs to restructure because it made losses of £25m in its Heathrow operations last year, and the job cuts will account for £14m of next year's savings. It has refused to give in to the union's demands to re-instate all the sacked staff as a precondition for further discussions, so the ex-employees don't seem to have much to look forward to either. The only comment I can offer is as a pretty long-term customer of British Airways. Now that all my air travel is done at the back end of the plane, I've had ample opportunity to compare Gate Gourmet's offerings in the front and back cabins. The club class fare was genuinely good - often a light and appetising salad, good dressing, fresh rolls and so on. It made European journeys, at least, quite tolerable at a time when I was sometimes relying on airline food for three or four meals a week. The story back in the 'cheap' seats is not so good. 
Although the quality of the ingredients is actually OK, the "All-day Deli" brand covers an unpredictable range of products, and often no choice. There are some things I need to avoid, like cheese and chocolate, and some things I don't like, like strong mustard. That frequently rules out some or all of what I find in the Deli bag. I also have an aversion to sandwiches which seem to have been stored in the cargo hold, if their temperature is any indication. The idea that Gate Gourmet are losing £25m a year putting this stuff out is frankly pretty worrying... as is the prospect of eating whatever they produce for £25m a year less cost. Next year's travel really should be a joy. Bring back Terry Pratchett's C.M.O.T. Dibbler... now there's a sausage inna bun, and you know exactly what you're getting. Sort of.

Practical application of ID cards


Today marks the deadline for the withdrawal of Israeli settlers from the largest of their occupied areas in the Gaza strip. Apparently one of the issues facing the Israeli government is that the ranks of the remaining settlers (who are, logically, the least inclined to leave) have been stiffened by "thousands of hardliners from Israel and the West Bank", presumably keen to force some kind of a showdown between the settlers and the eviction crews. That must put those crews in something of a dilemma... are they evicting bona fide householders or 'bussed-in' protesters? Is there any way of telling one from the other?

As far as I can find via Google, Israel has had national ID cards since at least 1958 and possibly 1949. I don't know whether all those cards record a domicile, though the same report says that cards issued for East Jerusalem do record the "territory" of the holder.

The point is, unsavoury though it may seem, that extreme cases such as this give us the opportunity to see whether mechanisms such as national ID cards are of practical use when it comes down to it. They also give us the chance to explore how we would feel about the use of such technology for large-scale law-enforcement. I have to say, whatever one's views on the Occupied Territories, that if segments of the population are to be corralled one way or the other by law enforcers, then that action needs to be based on a specific legal offence, not on the address recorded on their ID card.

Of Eggs and Post-it Notes


I started this as a comment on Mark Dixon's blog, but it presented the opportunity to combine several themes, so I thought I would re-publish here. (Self-plagiarism... how sad is that?)

Mark was making the point that providing users with a password-sync solution could reduce the consumption of trees (in the form of sticky-notes), as users would no longer need to frame their monitors with a neat border of user IDs and passwords. Indeed... that's one of the arguments in favour of single sign-on: by giving the user a more manageable number of IDs and passwords to take care of, you reduce the risk of poor management of the secret.

Mark then went on to note that the corollary of this approach is that an attacker might gain access to multiple sites just by compromising a single login. This 'all eggs in one basket' argument is often raised against single sign-on. The Liberty Alliance considered the problem and concluded that the most sensible mitigation is for the protocols to provide for one or more additional authentication steps, at the discretion of the authenticating party. That means users can benefit from the convenience of single sign-on across the majority of the websites they visit, with additional authentication (such as a PIN number, or indeed another ID/password combination) required for a further subset (such as payment authorisation sites).

Finally, there's the point that if you federate a user's SSO ID and password onto multiple 'back-end' IDs and passwords which are automatically administered, you can, essentially, insulate the user from knowledge or management of those credentials. You can choose much more secure passwords than a user ever would, and you can change them much more frequently than a user would ever do. That doesn't mitigate the risk of the user's SSO password being compromised (see the initial point about greater ease of management), but it greatly reduces the risk of an attacker directly cracking any of the 'back-end' passwords.
And yes, it does mean you have to take good care of the repository which holds the 'mappings' between the SSO ID and the others. Still, it ought to be easier to achieve an acceptable level of security for that repository than to raise your entire user population to the equivalent level of competence. To paraphrase Warren Buffett: "Putting all your eggs in one basket isn't necessarily a bad thing... provided you take really good care of the basket". After all, if you have a farm-load of eggs, it's easier to protect them if they're all in one chicken-shed than if they're lying around all over the field...
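The two mitigations discussed in this post (step-up authentication at the authenticating party's discretion, and broker-managed 'back-end' credentials the user never sees) can be sketched as follows. This is an added example, not code from the original post or from the Liberty Alliance specifications; `Broker`, `SITE_POLICY`, the site names and the in-memory "vault" are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Assurance levels an authenticating party may demand (constructed values).
LEVEL_SSO = 1       # ordinary single sign-on login
LEVEL_STEP_UP = 2   # SSO login plus an additional factor such as a PIN

# Hypothetical per-site policy: most sites accept SSO, payment sites ask more.
SITE_POLICY = {"news.example": LEVEL_SSO, "pay.example": LEVEL_STEP_UP}


def protect(secret):
    """Store a user-chosen secret as (salt, PBKDF2 hash), never in clear."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def matches(secret, record):
    """Constant-time comparison of a presented secret with a stored record."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, expected)


class Broker:
    """Toy SSO broker: the 'basket' that has to be looked after carefully."""

    def __init__(self, rotate_after=3600):
        self.users = {}      # sso_id -> hashed password and PIN
        self.sessions = {}   # session token -> SSO id and assurance level
        self.vault = {}      # (sso_id, site) -> (back-end password, issued_at)
        self.rotate_after = rotate_after

    def enrol(self, sso_id, password, pin):
        self.users[sso_id] = {"password": protect(password), "pin": protect(pin)}

    def login(self, sso_id, password):
        user = self.users.get(sso_id)
        if user is None or not matches(password, user["password"]):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"sso_id": sso_id, "level": LEVEL_SSO}
        return token

    def step_up(self, token, pin):
        """Additional authentication step; raises the session's level."""
        session = self.sessions.get(token)
        if session is None:
            return False
        if not matches(pin, self.users[session["sso_id"]]["pin"]):
            return False
        session["level"] = LEVEL_STEP_UP
        return True

    def backend_credential(self, token, site, now=None):
        """Return (status, password) for the site's back-end account.

        The password is machine-generated and rotated by the broker; a real
        broker would also push each new value to the back-end system.
        """
        now = time.time() if now is None else now
        session = self.sessions.get(token)
        required = SITE_POLICY.get(site)
        if session is None or required is None:
            return ("denied", None)
        if session["level"] < required:
            return ("step_up_required", None)
        key = (session["sso_id"], site)
        entry = self.vault.get(key)
        if entry is None or now - entry[1] >= self.rotate_after:
            entry = (secrets.token_urlsafe(32), now)   # ~256 bits of entropy
            self.vault[key] = entry
        return ("ok", entry[0])
```

A stolen SSO password alone gets `step_up_required` on `pay.example`, and no back-end password is ever typed, chosen or remembered by the user.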
 
 
 
 

Escalating the 'war on terror'


Given what I said on July 8th, there's really only one thing I can say today: I think the UK government's most recent proposals in reaction to the terrorist attacks are headed in the wrong direction. Tony Blair, just before leaving for his summer hols, announced a range of legislative proposals which, although billed as 'a crackdown on extremism', also happen to read a lot like rather divisive measures set to ensure that specific segments of the population are alienated and expelled. That's a strange reaction to a 'war' which does not acknowledge frontiers, and which in this case was apparently prosecuted by 'home grown' activists.

Oh, and they are retrospective. Which raises an interesting point. Hypothetically speaking, suppose that in my 8th July post, I had said something along these lines: "I can understand the logic of suicide bombing in a repressed society with no self-determination, a massively-armed and hostile neighbour state, and therefore no democratic way of influencing your future: but to resort to suicide bombing in a democracy such as the UK seems perverse." That is now being cited as the sort of remark which could lead to prosecution. I think. It might depend on whether you think that remark glorifies or incites terrorism. Come to that, it's not clear to me that I will continue to be safe from prosecution having said it now, albeit as a hypothetical example.

"The key to the package is the new climate of recent weeks. As Mr Blair conceded, these powers would have met much stiffer resistance just a few weeks ago, before the London bombings."

I think the old principle still has to be true: hasty law is bad law. En-Act in haste, repent at leisure.

Frankfurt Museum of Modern Art (MMK)


This is a building which I like to visit whenever I get the chance, as much for the building itself as the collections it displays. The architect, Hans Hollein, created a set of interior spaces which vary in size and shape, and in places are every bit as visually engaging as the art on display. One photo can't possibly do it justice, but this might perhaps give you an impression: MMK Museum für Moderne Kunst (Frankfurt am Main)
 
 
 
 

Beaten to the post...


Rats... someone in the UK Government finally admits some of the failings of their ID Card proposals, and Chris Gerhard beats me to the story... ;^) Here it is. Here's the juicy bit:

"We did suggest, or at least implied, that they might well be a panacea for identity fraud, for benefit fraud, terrorism, entitlement and access to public services." In its "enthusiasm", the government had over-emphasised the benefits to the state rather than for "the individual in providing a gold standard in proving your identity", he said. "There are now so many almost daily occasions when we have to stand up and verify our identity."

Two things leap to mind. First, as Toby Stevens very accurately observes, the identity/privacy model is no longer about "daily occasions when we have to stand up and verify our identity": and in most instances it never should have been. The process should now have reached a level of maturity where the relevant assertions can be made anonymously. The most common credential-based assertions most of us make in our daily lives are assertions of creditworthiness, using a small piece of plastic. That card might look to some like an assertion of identity, but it isn't. It's barely worth saying again, but most merchants don't care a fig for whose card is presented to them. If it represents enough credit to cover the cost of the transaction, they're amply satisfied. The viability of this approach shouldn't come as a surprise to us: it's how cash has worked since the 17th century.

Second, these remarks about the Government's ID Card policy were apparently made by Tony McNulty, the Home Office minister responsible for the project, during "a private seminar for the Fabian Society". Must be some new version of the word "private" which I hadn't encountered before.
 
 
 
 

The 'trust' discussion


I found Jamie Lewis' post on 'trust' via Peter Davis' blog, and realised that I should have seen it much sooner. However, now is a good time to blog about it because it neatly ties together a couple of things I've already written - one a few days ago about "authorized" signatures, and one way back at the very beginning of this blog, about some principles of identity. [Yikes... has it really been five months??? Can anyone suggest a ratio of 'blog-time' to 'real-time'?] When Jamie notes, in his 'Thinking Out Loud' post, that some retailers have started asking him for an additional credential as well as his credit card "to reduce the risk of fraud", I think there are a couple of things going on. First, I'd like to be clear about the nature of the risk the retailer is seeking to mitigate. If the buyer is not the genuine card-holder and the merchant accepts the transaction, will the retailer nevertheless get paid for the goods? This is the vexed question of 'charge-backs'... that is, who takes liability for fraudulent transactions. An awful lot of retailers behave as though they have no liability in this regard (think how many of them hand your card back to you before you've even signed the receipt... so how are they comparing your signature with that on the card?). So that's a question of the business terms which apply to the consumer/merchant/acquirer/issuer business relationship. Second, there's the question of whether the merchant feels the credentials presented (a credit card) are such as to convince her that the terms of the business relationship could reasonably be enforced. In other words, if the retailer accepts the transaction despite concerns that the credentials may be fake/stolen/compromised, where is the liability going to land this time? It's this second kind of reliability which I think Jamie's example relates to. 
The retailer asks for another form of credential in order to mitigate the risk that the terms of business could be held (by the issuing bank) not to apply, and that the retailer therefore doesn't get credited for the transaction. The mitigation which the retailer gets comes from a number of factors:

1: the likelihood of someone having stolen the same victim's credit card and driver's licence might be held to be less (though the more credit-card sized driver's licences there are, the less I would tend to think this);
2: the registration process for the driver's licence might be held to be more rigorous than that for the bank card;
3: the credentials themselves might be held to be harder to forge/compromise than the bank card.

In other words, the retailer is taking steps to address each link in the 'chain of trust' which I described back in March. (The relevance to my recent post about 'authorized' signatures is that I think that text on the signature strip gives a misleading impression about the chain of trust for the card in question: it implies that there is no way anyone else's signature could get onto the strip, despite the issuer's complete lack of control over that part of the process; it further implies that they are making some guarantee as to the authenticity of the signature, and I would bet they are making no such thing).

There is a problem with the driver's licence example, though. Consider the case where the merchant duly checks driver's licence and credit card, but the transaction still turns out to be bogus. Imagine that the issuing bank refuses to credit the retailer for the transaction. The retailer protests, saying that she took all reasonable steps (including insistence on a second credential) to verify the buyer's identity, and therefore she should be paid in full. The bank (hypothetically hard-hearted...) says "prove it".
Well, let's assume that the retailer wrote the Driver's Licence details on the till receipt and the customer's receipt at the time of purchase. That goes some way to providing an audit trail that she really did check the driver's licence. The bank (maintaining its pretence of cold indifference...) says "so what?".

Whatever the perceived strengths of the second credential, it suffers from a further flaw - it falls outside the business relationship we discussed earlier, and is completely unrelated to any notion of the consumer's creditworthiness. I'd be interested to find out, though, whether any merchant has ever had this argument with a bank and won.
 
 
 
 

UK ID cards: new job, same non sequitur...


Here we go again...

Mr Hoon told the BBC ministers will be looking into claims that passport checks at Waterloo are inadequate. He said: "I'm aware that the Home Office will be looking at that. Certainly in recent times there has been enhanced security for those leaving the country as well as for those coming into the United Kingdom.

"It's one of those arguments that we have used to support the idea of identity cards, because it is vitally important that we are able to say who is in the United Kingdom at any given time."

Oh dear. As I think we have already noted, one EU country (say, the UK) cannot oblige the citizens of another EU country (say, Italy) to carry a (UK) national ID card, even if they come to work in the UK. So that's something over 400 million people who cannot be tracked by Mr Hoon's suggested method. But then, maybe this plan is based on the assumption that terrorists don't come from inside Europe.

Perhaps Mr Hoon didn't mean that. Maybe he meant that we need to be "able to say which UK nationals are in the UK at any given time". No, I don't think it can be that either. Given that machine-readable UK passports have been issued since 1988, it would have been possible (from about 1998 onwards) to scan all incoming UK passports with that objective. All they ever get, though, is a cursory glance from the passport officer and perhaps a wave under the fly-killer (UV lamp...).

The following email lurks un-sent in my 'drafts' folder:

Dear Mr Hoon -
You don't need any new citizen credentials, you need to change the process which governs their use.
Best wishes,
Robin
 
 
 
 
 

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
 
© racingsnake