Robin Wilton's esoterica

       
 
« Previous day (Mar 16, 2006) | Main | Next day (Mar 17, 2006) »

17 Mar · Fri 2006

Worth a read...


I like this blog.
Posted by racingsnake @ 11:19 PM GMT+00:00

The status of privacy in the UK


One of today's top stories in the UK concerns the court case over the publication of one of Prince Charles' diaries by the Mail on Sunday newspaper. The Mail argues that it is 'in the public interest' for the Prince's papers to be published because he expresses views (though not solely in the diaries) about political issues. What's interesting in that respect is that the diaries were stolen before they were obtained by the Mail on Sunday, and they were not written in the expectation of being published in a national newspaper. Neither was the Prince's consent sought before publication. What's interesting from a privacy perspective, though, is the basis for the judge's ruling that the Mail should not publish the first diary. The publication was not banned on grounds of privacy, but because the paper was ruled to have breached the Prince's "confidence and copyright". That strikes me as strange. The Prince hadn't 'confided' in the Mail; he hadn't passed the papers to it 'in the confidence that' they would not publish them; his expectations played no part in their actions. Of course, it's also possible that the Prince carefully marked the diaries "© C. Windsor 200x"... or maybe they were prefaced with a notice that "Prince Charles hereby asserts his right to be identified as the author of his own diaries". No, I didn't think so either.... But in the absence of a constitutional right to privacy, they had to find some legal basis for preventing publication.
Posted by racingsnake @ 10:39 PM GMT+00:00 [ Comments [2] ]

Is there movement on ID card functionality?


Along with the coverage about potential stalemate between the Lords and the Commons on the ID Card bill (and, incidentally, the Anti-terrorism Bill), there's an article on the BBC site today which might indicate that there's an opportunity for compromise on the practicalities. In the article, the idea of PIN-based authentication is discussed in relation to UK Identity Card plans. I'm not sure how significant this is yet, but if it is a sign that a more incremental approach is being adopted, then I think the appropriate phrase is that this is to be "cautiously welcomed". I have always assumed that, for practical purposes, UK ID Cards would need to include PIN-based authentication in any case, just as you use a PIN in the first instance to authenticate your self to the SIM in a mobile phone. That initial authentication may then 'unlock' additional security mechanisms, but in the first instance it provides the user with a practical way of controlling access. If you use a PKI-capable browser, chances are you use a similar mechanism there, too: your certificate/keypair are stored in a 'keyring' to which access is controlled by a password. Entering the password makes it possible for the browser's security functions to access your keypair and thereby digitally sign/verify/encrypt/decrypt data. It has also, I think, been obvious that not all parties who intend to rely on the UK ID Card would want to rely on the biometric functions on it: rather, there will be some organisations who can afford the necessary biometric reader infrastructure, and others whose risk analysis does not justify that level of expenditure. The UK Government Gateway project (a centralised authentication service) already incorporates a design in which authentication delivers different 'assurance levels' depending on the strength of the registration process and the nature of the credentials issued. A tiered system for ID Cards, enabling PIN-based and other authentication mechanisms would be consistent with that approach. In my view, it would also allow the risks of a national scheme to be dealt with in a more incremental manner --- whether one thinks of the 'technical' risk of rolling out such technologies on a national scale, or the 'political' risk of attempting to introduce more exacting identification than the average law-abiding citizen believes is appropriate.
Posted by racingsnake @ 10:53 AM GMT+00:00 [ Comments [4] ]
 
 
 
 
 
« March 2006 »
MonTueWedThuFriSatSun
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today

unsubscribe from human rights abuse in the war on terror
Locations of visitors to this page
Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
www.flickr.com

Links to recent entries

[RSS Newsfeed]

Valid XHTML or CSS?

[This is a Roller site]
Theme by Rowell Sotto.
What's this?
 
© racingsnake