Robin Wilton's esoterica

       
 

Scepticism at ZDNet


Over at ZDNet, Dana Blankenhorn has written a piece about federated identity raising some questions about whether it is a viable concept... or is simply an idea which hasn't taken off.

You can guess which way I tend, but for a little more detail on both sides of the discussion, it may be worth heading over and checking out the comments left by me and (he beat me to it) Superpat.

Something I didn't put into my comment, but which I think is worth drawing attention to, is this; here's how DB puts it:

'The trouble has nothing to do with code, and everything to do with human nature. The idea that “if you require sign-ons for every site people will use fewer sites” is comforting to many site managers, especially publishers, who see in it a hope to capture and retain their audience.'

As with a couple of the other themes of the article, I think this is missing the point. Federation is not an end in itself; it is a means to an end. That end is, in almost every case I can think of, improved service provision (whether to the employees of an enterprise, the customers of a business, or the citizens of a government body).

When I think of successful organisations, they are not the ones which rely on proprietary lock-ins or site-specific authentication to achieve customer retention. They are the ones who retain their users through added value and service provision. DB cites publishers; but in my experience, successful publishers capture and retain their audiences by publishing content which people want to see, not by forcing them to log in.

Indeed, as today's announcement from Vivendi Universal and Spiralfrog makes clear, there's a major segment of the publishing industry which isn't even going to charge its consumers. They will come for the content, and the service will run on advertising revenue.

That's hardly a business model based on 'authentication lock-in'.

There's also this basic point: you wouldn't expect one publisher to federate with another in the first place, particularly if they are commercial competitors. But you might well expect a publisher to federate with, say, a mobile telco, a cable company, or even a coffee-shop chain. The real commercial point of federation is to produce collaborative services which are more attractive than what each service provider can provide on its own - and that rationale applies to the business-to-business market every bit as much as to the consumer one.

Air Passenger Safety


Just a quick thought, about something I've been meaning to blog for some time.

Anyone who has travelled by air has heard the passenger safety spiel... frequent travellers have heard many different versions many times. It irritates me to see how many passengers ignore the information and disappear behind their newspaper, or carry on chatting with their neighbour. Don't get me wrong; this isn't pure altruism. It's not so much that they're jeopardising their own safety, but because odds are they are between me and an exit, and my own escape could well depend on their having successfully got out of the way.

Some of the survivors of the Kegworth crash in the 80s said they had survived because, not to put it too finely, they had clawed their way across the seatbacks to get to the exit, bypassing people standing in the main aisle. Some of those interviewed recognised, uneasily, that they may have survived at the expense of some of those who didn't make it. It may be too much to hope that in a real emergency, everyone will behave quickly, rationally and competently... but it seems crazy to ignore useful information when it is offered.

I know there will be people reading this who do consistently think about the safety information, but ask yourself this: when did you last check whether there actually is a life-jacket by your seat? There's a good time to discover that it's missing, and a really, really bad time.

 
 
 
 

Garbage out, invoice in...


Apologies for the lack of blog posts over the last week; I've been away for a break, with no web access (and you know, after a day or two of 'cold turkey', it was really quite nice).

Returning to England by ferry, I saw a headline on someone else's newspaper:

"The Spy in your Wheeliebin"

It was in the Mail on Sunday. For context, the Mail is a generally right-wing mass-circulation paper with a reputation for tapping into the instinctive conservatism of the middle classes. The paper's political leanings can perhaps be gauged from the lede, which reads "Germans plant bugs in our wheeliebins"... as if the fact that the hardware is made in Germany somehow explains the dastardly nature of the whole scheme. (I haven't checked the paper's "Letters" page, but odds are there will be one in there from a retired Major in Bournemouth pointing out that 'you couldn't trust the Boche in '45 and you can't trust him now'.) Here's a link to the paper itself, and here's one to a website with comment from those less convinced.

The story in question concerned the revelation/discovery that some local councils have been fitting an identity chip to residents' wheeliebins. The article voices the concern that this is a step towards charging by weight for non-recyclable waste.

The initial revelation apparently came from Devizes, in the Kennet district of Wiltshire. According to the council:

"These are simply chips that will enable us to sort out disputes between householders about whose wheelie bin is whose. If there are any arguments we can just send out an officer to scan the chip and settle the argument.

There is a debate in Government over the possibility of introducing charges but that's not what we had in mind when we ordered the chips."

This raises an interesting Data Protection question; it's clear that the stated intent is for the chip to link the bin to a specific tax-payer, which means that the records the council holds are personally identifiable. Under the UK Data Protection Act, personally identifiable data recorded for one purpose (sorting out bin ownership disputes) may not subsequently be used for another (charging the householder for waste disposal). I'll be fascinated to see how they get round that one.

As you can imagine, a lot of the comment revolves around the fact that councils have installed the chips without mentioning any of this to their residents.

The depressing aspect is that, obscured by all the righteous indignation about 'Big Brother' councils, stealth taxation and Johnny Boche, there's a serious policy issue at stake, namely the lamentable performance of most UK citizens and councils in recycling their waste. The Institute for Public Policy Research (IPPR) has given figures for the percentage of waste recycled in 15 EU countries, and the UK comes 13th out of 15.

Now, I'm not saying any single group is to blame for this; the responsibility is a shared one, and the solution will need collective action too. For instance, councils could make it a lot easier for people to return recyclable waste (the bin we have been given for this purpose is 1/4 the size of the wheeliebin for non-recyclable waste; the maths is straightforward). All across our district, householders now waste time and petrol driving to the local recycling centres with whatever the fortnightly truck won't take away. Retailers could use less packaging, and make more of it recyclable or bio-degradable. Householders could recycle and compost more, and throw away less... provided the other parties were doing their bit.

As I say, though, it's hard to see the situation improving if the various parties don't act in concert, which is why it's depressing that some councils think the best first step is to bug their residents without consultation or consent.

Oh, and I've checked my bin... it appears to be clean. Electronically speaking.

 
 
 
 

Pink paper pellets keep tigers away...


I need some help from you, please...

I am now the proud owner of a Faraday passport wallet. According to the vendor's website, the wallet contains a layer of shielding which will block the reading of any passive tags inside.

However, I need to test the gizmo, and preferably not get arrested in the course of doing so. I would also prefer to do it without having to buy an RFID reader.

All suggestions gratefully received, and just to get the ball rolling, here's a starter for 10 (as they say);

- Put my Sun contactless access card in the wallet and see if I can still get into the office...

Oh, I should probably offer some explanation of the title of this post. You probably remember the old joke:

Gladys: Hey Fred... why are you scrumpling up little slips of pink paper and scattering them around your office?

Fred: They keep the tigers away.

Gladys: Tigers? But there aren't any tigers in Wiltshire.

Fred: Exactly. Bloody good, aren't they?

 
 
 
 

Spin


You might think that inside prison is a pretty tough place from which to claim unemployment benefit. I mean, the only time I ever drew unemployment benefit I had to go in person every couple of weeks and sign a form saying I was 'available and looking for work'. But it turns out, according to this article, that prisoners were in fact paid millions, over the past three years, in unemployment benefit and jobseeker's allowance.

That wasn't the part I wanted to comment on, though. What caught my eye was the classic 'deflection' statement by the Dept for Work and Pensions:

A department spokeswoman said the figures were estimates, based on small samples which had a "wide margin for error".

"We are determined to crack down on anyone who defrauds the benefit system. The idea that we are in any way complacent about this is just wrong.

"We are the first people to start counting it."

Take a moment to appreciate the sheer quality of this deployment of a tried and tested formula:

1 - rubbish the statistics;

2 - use the phrase "crack down";

3 - vehemently deny complacency, despite the fact no-one has accused you of it;

4 - Claim you are the only people doing anything about it.

Well of course you're the first people to start counting it; for one thing, you were the people paying it out, so presumably you had to count it then... for another thing, it's your responsibility to pay it out correctly, so it's your responsibility to check you're not paying it out in error.

It may, admittedly, just be the way in which the spokeswoman was quoted... but the article portrays someone prepared to say anything short of 'we messed up'. Wouldn't that be refreshing?

It makes me crabby.

 
 
 
 

Edsel... what's in a name?


Lots has already been written about the Ford Edsel of the late 50s/early 60s, with the phrase "ill-fated" usually cropping up within the first few sentences.

However, here's another one of those little informational objets trouvés which I haven't seen referred to elsewhere yet, so I offer it to you in case it turns up in a trivia quiz somewhere:

The first recorded person to be run over and killed by a motor car in the UK was one Bridget Driscoll of South London, on Aug 17th 1896. She was hit at 4mph by an oncoming Roger-Benz, apparently transfixed by the sight of its rapid approach.

There's also a suggestion that the car may have been modified to increase its speed to a reckless 8mph, by its driver, who worked for a car company.

The driver's name? Arthur Edsell.

 
 
 
 

daddlaa-da (Part 2)


The sequel to this 'ownerless phone' episode contains the usual elements of strangeness, humour and fear. Apparently when no-one owned up to the phone in question, the passengers around it tried to smother it with pillows, despite everyday experience that mobile phone signals can penetrate squishy materials like airline pillows and oxygen-starved passenger brains.

The flight in question was turned back, landed at Heathrow, and the passengers' baggage was all then offloaded - for which they were presented with a lost luggage claim form. All this suggests that not only was something amiss with the cabin baggage checks, but the current restrictions have over-stressed the hold baggage processes as well. So: arriving flight hold baggage is offloaded and taken to Arrivals luggage collection; returning flight hold baggage is Lost. Not reassuring.

I have to admit, in my experience a whole lost suitcase does (touch wood) turn up... I've had mine find me again on three occasions. It's the stuff which goes missing from inside luggage which doesn't ever re-appear.

In that context, having to check all one's data and electronics into the hold is a pretty worrying prospect.

Incidentally, there are metal security meshes which backpackers often use to secure their possessions; does anyone have any experience of using one of those, either inside or around normal hold baggage, as a security precaution?

daddlaa-da daddlaa-da daddlaa-da daaa....


"HELLO? YEAH, I'M ON A PLANE. FROM HEATHROW, YEAH. WHAT? YEAH, MOBILE PHONES AREN'T ALLOWED ON BOARD. WHAT? I CAN'T HEAR YOU. HELLO?" (With apologies to Dom Joly)

Someone must have had a red face yesterday:

"On Sunday night a British Airways flight was turned back after a mobile phone was heard ringing at the back of the plane.

No one admitted owning the phone so flight BA179 with 217 passengers on board returned to Heathrow as a precautionary measure, prompting BA to apologise for inconvenience, although it said safety was its 'number one priority'." BBC News article

 
 
 
 

The last tactical moves before a cease-fire?


Let's hope that the UN-brokered ceasefire in Lebanon takes effect - bilaterally - on Monday.

The latest news appears equivocal: Israel will stop 'offensive activities' and is linking withdrawal to the 'parallel deployment' of a third-party peacekeeping force (which shows no signs of being prepared); Hezbollah, which, let's not forget, is represented in the Lebanese government, is clinging to the right to continue attacks as long as any Israeli troops remain in Lebanon; and the Lebanese government as a whole is struggling to complete its own cabinet discussions into the acceptance of the UN terms.

In the meantime, rocket attacks continue, as does the ground, artillery and air assault on Lebanon.

Even with that as a context, the decision by Israel to further extend its push into Lebanon despite the UN resolution looks less and less like anything to do with rooting out Hezbollah, let alone recapturing its kidnapped troops, and more and more like a pre-emptive land-grab in the run-up to negotiations about its withdrawal. But that, I am sad to say, is not new.

 
 
 
 

Cabin baggage - the next installment


Somewhat predictably, the first interest group to express reservations about the increased levels of airport security check are... the airport operators. I can't say I blame them.

Airports have spent most of the last 20 years transforming themselves from soulless waiting-areas into... soulless waiting areas where you can spend a lot of money on food, booze, clothes, caviar, cosmetics, gadgets, DVDs, stuff with 'Harrods' written on it, pens, penknives (until 9/11... the Swiss airports must have loved the aftermath of that one), and the classic niche market, lottery tickets to win an Aston Martin.

The airlines aren't that happy either - particularly the low-margin ones who depend on a quick turn-around at every destination.

The point is, passenger expectations and behaviour change slowly. For the foreseeable future, people will turn up with prohibited items in their hand luggage (given that the vast majority of things are prohibited).

At that point, one of two things has to happen: either the prohibited items are taken out and thrown away (and there's a limit to how long people will go on regarding that as an acceptable remedy) or people will need the option to transfer them to their hold baggage.

That can't happen, though, with airports laid out as they are at present (with the cabin baggage security checks happening after your hold baggage has already been consigned to the bowels of the system). Just throwing staff at this won't fix the problem. Every airport I've been through just doesn't have the space in the check-in areas to accommodate the security checks currently required.

At some point, the risk assessment will cease to outweigh the inconvenience to the airlines, the airport operators and the passengers. The question is, when?

 
 
 
 

Hindsight and co-incidence: 2 spins of the same wheel?


Some of today's headlines have been about how Home Secretary John Reid has eased effortlessly into the Ministerial driving seat, in Tony Blair's absence, apparently at the expense of John Prescott, the Deputy Prime Minister.

With that in mind, it's intriguing to refresh our memories of what John Reid was saying the day before the night of the 'air terror round-up raids':

"The UK might have to modify its freedoms in the short term in order to prevent their "misuse and abuse" by terrorists."

At the point when he made that statement, it seems overwhelmingly likely that he knew the interdiction raids were about to take place, and that stringent new restrictions were about to become a feature of our travelling life.

The sad thing is that it is so easy to believe that this was a concerted piece of media management.

The Register on "The Register"


I blogged yesterday about The Observer's report on Gordon Brown's alleged plans for the future of a National Identity Register (and ID Cards and biometrics and law enforcement).

I commented fairly briefly. For a longer and altogether more vituperative autopsy of the proposals, head over to The Register, here.

Restrictions on cabin baggage


Following yesterday's 'foiled air terror plot', as the headline-writers might put it, the UK Department of Transport has imposed strict limits on what passengers can take onto aircraft as hand-luggage.

Kirk Parcel and Simon Phipps have blogged already about this to some extent, and Kirk's post includes some interesting thoughts about the practicalities of taking a laptop with you as long as these restrictions are in place. [updated to add a link to Brian Nitz' comments, which I think are spot on]

Here's the BBC page listing permitted items. In summary, you are allowed to take the following on board, subject to search, scan and in some instances, sampling (for instance, of baby food, which will do interesting things to sterile jars and bottles):

  • Pocket-sized wallets/ purses, plus contents
  • Passports/ travel tickets
  • Prescription medicines, not in liquid form unless verified as authentic
  • Essential medical items, eg diabetic kit
  • Glasses & sunglasses, no cases
  • Contact lens holders, no solution
  • Baby food & milk for those with infants - bottle contents must be tasted by accompanying passenger
  • Essential sanitary items for infants
  • Female sanitary items, unboxed
  • Tissues, unboxed, or handkerchiefs
  • Keys, but no electric key fobs

Obviously battery-operated items and electronics have been excluded, so no phones, laptops, MP3/DVD players, PDAs, headphones (including noise-cancelling ones) and so on.

It's not clear to me whether a car key with a built-in remote (as opposed to an 'electric key fob') would be allowed on or not.

There are a number of other items which I would class as low-risk, but which aren't on this list, for instance:

- paperbacks

- eyeshades, foam earplugs, inflatable pillows

- pen (for completing immigration cards, for instance)

I also wonder about non-prescription medicines, such as aspirin (recommended as a preventer of deep-vein thrombosis), paracetamol/acetaminophen and the like.

As I mentioned above, it seems those travelling with infants are in for a great time. De-sterilise and taste your baby-food in front of the security staff, and don't bother trying to take anything to keep your child occupied during the flight. Deep joy for all.

There's an opportunity here for the airlines, it seems to me, to provide 'amenity kits' for long-haul passengers - delivered securely air-side. I know some do it already, but it will be interesting to see if the others are prepared to spend the extra cash to do so.

I have some practical questions as well:

- assuming I want to follow the rules, where do I get see-through carrier bags?

- what happens to the bag you had everything in before you had to put it all in a see-through carrier bag?

- is anyone making any provision to deal with items you are prevented from taking on board, or are they just thrown away? (Given the way airports work currently, your hold baggage has already been checked in by the time you pass through the cabin baggage checks).

- Does a bottle of duty-free high-proof spirits count as a liquid explosive?

And an observation I believe I have made before: the most dangerous place in an airport currently is the queue for the cabin baggage checks. At that point, you could be carrying anything at all, and you are in a dense (and now extremely large) crowd of waiting passengers.


If you have experience of the 'new regime' and answers to any of these questions, please let us know...

 
 
 
 

Gordon Brown's ID card plans...?


There's an interesting article here, from last Sunday's Observer, on Gordon Brown's reported intentions with regard to Identity Cards, should he succeed Tony Blair as Prime Minister.

Given Mr Brown's long-cultivated reputation for financial prudence, I can only assume this means he will want to accumulate a great deal more information about the likely costs and benefits of such a scheme than appeared to inform the current effort.

I'd just like to replay that quotation from Liberal Democrat MP Phil Willis:

"Despite their vested interests in the scheme, industrial representatives are speaking openly about their concerns regarding the identity cards programme - this should set alarm bells in the Home Office ringing."

In addition to speaking openly, we're also, of course, ready to listen and to discuss.

UK airports severely disrupted


All UK airports have been affected to some extent today by a major terror alert. If you're planning air travel to or from the UK, check with your airport or airline before you set out.

London's largest hubs, Heathrow and Gatwick, are seriously affected. According to the BAA website those airports are still open, but subject to severe delays. Earlier news reports said that Heathrow was closed to inbound flights, and Gatwick closed to both incoming and outgoing traffic.

According to the Home Secretary and security services, the 'major players' behind the threat were rounded up in police raids last night; however, they assess the risk as high and ongoing.

The threat appears to have been a quite specific one, apparently to transatlantic flights, so the cancelled flights include short-haul flights into Heathrow and Gatwick from other UK and European airports.

The implication is clear: as with any security threat, weak links in the chain will be targeted - so if it's hard to get something onto a plane directly at Heathrow, an attacker may try to transfer via a connecting flight from a 'less high-profile' airport elsewhere.

Here's a link to a BBC page with status information for all UK airports; it may not be absolutely up to date.

Here's a link to the BAA page (BAA operates most of the large airports in the UK); it's more likely to be current. The BAA site itself is getting heavy traffic, but has links to individual airport pages.

 
 
 
 

E-Gov "squishies" travel the world


At last November's European e-Government conference in Manchester one of the freebies being handed out was the "squishy" - a little foam manikin in various colours (one for each of the projects being publicised).

Since then, apparently, the squishies have been turning up in various locations around the world - so I thought I should let you know where mine have been.

So far the list stands at California, Zurich, Vancouver and Oxford, though for [ahem] administrative reasons not all of those made it into photo form. Still, Zurich and Vancouver are immortalised, and you can find the evidence on this Flickr page.

Liberty Alliance Award nominations are open!


As the world of federated identity continues to evolve, here's a chance to nominate someone who you think has done exceptional work in the deployment of digital identity management systems.

The IDentity Deployment of the Year, or "IDDY" awards are the Liberty Alliance's way of marking a period in which the development of specifications has been complemented by increasing adoption of the resulting technology.

So if you know about a deployment project, please nominate it and get some well-earned recognition for the proponents of 'Liberty in action'.

The nomination should take you no more than about 15 minutes to complete, and you can find the details here on the Liberty Alliance website; but don't delay. The deadline for nominations is August 21st, so that the awards can be made at this year's Digital ID World event. Nominate early, nominate often!

 
 
 
 

Israel's travel restrictions fail to bite


Partly, at any rate.

In Southern Lebanon there seems little doubt that the curfew imposed by Israel is having a severe effect. The UN says that it has abandoned today's attempts to get an aid convoy through to the area.

The airstrikes which have destroyed bridges, highways and fuel supplies in Lebanon have doubtless hindered the movement of Hezbollah weaponry (though one apparent effect has been an increase in the daily rocket attacks on Israel); but they have also prevented the escape of refugees, and according to The Independent, the air strike on the Jieh power station has created a 30,000 ton oil slick polluting the Mediterranean coast to an unprecedented degree. Close to a million Lebanese are thought now to be refugees because of the 28-day assault.

Some people, however, remain unaffected by the travel constraints. The Independent's Robert Fisk, who is in Beirut, writes somewhat scathingly of the Arab delegation which is travelling to the UN to demand further changes to the 'ceasefire' resolution... delaying the resolution in the process. On other pages in today's Independent, there's news that Dame Shirley Porter has chosen this moment to return to London after 12 years of self-imposed exile in Israel. It's almost impossible to capture the essentials in just one sentence, but Dame Shirley had to quit as leader of Westminster City Council in a corruption scandal over the (ab)use of council-owned housing assets to buy votes.

According to the article, "She was also found to have forced 122 homeless families likely to vote Labour out of eight marginal seats, forcing them instead to live in tower blocks that the council knew to be contaminated with asbestos." There followed years of wrangling over the repayment of millions of pounds, during which Dame Shirley absented herself from the UK. She has recently bought a £1.5m flat on Park Lane.

Who else is still travelling? Margaret Beckett, our Foreign Secretary. Tucked away at the end of an article under the headline "UN resolution delayed amid diplomatic chaos" comes the news that last night she was "continuing her summer holiday in a caravan in France". Of course, the huge advantage of caravan holidays is said to be their flexibility.

Tony Blair hopes to leave for his delayed holiday in the Caribbean tomorrow.

Now, I know 'world events' don't stop for anyone, and even politicians need a holiday, but the synchronism seems poignant. To many at the pointed end of the Middle East conflict, I dare say, a Caribbean resort, a caravan in France, a Monopoly flat on Park Lane or even an asbestos-ridden council flat would seem attractive by comparison.

 
 
 
 

Do you remember Walter Wolfgang?


If he starts heckling at the next Labour Party conference, they're going to have a slightly harder time throwing him out: he's been voted onto the party's National Executive Committee.

He says he hopes his election will provide him with the opportunity to speak from the conference platform. Interestingly, the major issues he cites are Palestine, Iraq and nuclear disarmament. Who knows, perhaps former Foreign Secretary Jack Straw will be in the audience, heckling him.

Sept 2005: 82-year-old Labour Party member detained under Section 44 of the Terrorism Act for heckling.

A(nother) chip off the old block


Chip your kids?

Interesting short article here at RFID Gazette's site on some of the legal and privacy factors relating to this technology.

"Wisconsin and a small handful of other US states have recently passed bills into law prohibiting the compulsory implantation of RFID chips [in humans]"... and the US Department of Homeland Security (DHS) 'does not currently advocate ... implantation'.

At a time when the UK government is moving towards the systematic accumulation of unprecedented amounts of data about every child in the country, this really is something to be thinking about.

"Concerns over new child database" BBC News

"Millions of children to be fingerprinted" The Observer

"Big Brother database" The Daily Mail

According to the Mail:

"Police, social workers, teachers and doctors will have access to the database and have powers to flag up 'concerns' where children are not meeting criteria laid down by the state.

The 'children's index', which will cost the taxpayer £224 million, will even monitor whether youngsters are eating five portions of fruit and vegetables a day, whether they go to church or are struggling to get good marks at school."

The article goes on to say that Ministers maintain that the database 'will provide early warning indicators of children at risk', but also quotes the Assistant Information Commissioner, Jonathan Bamford, as maintaining that the scale of the scheme is disproportionate to the risk.

One of the drivers for the scheme is Lord Laming's report into the appalling death by abuse of 8-year-old Victoria Climbié in February 2000.

To my mind, the strangest discrepancy is this: Lord Laming found that "nothing more than basic good practice" would have saved Victoria. That would not have involved knowing whether or not Victoria attended church or ate enough fruit and vegetables; it was a matter of knowing whether or not she was being beaten, starved, neglected and confined in her own filth.

As Bamford puts it: 'When you are looking for a needle in a haystack, is it necessary to keep building bigger haystacks?'


Observer Q&A of the Victoria Climbie case

Internet safety training planned for children


The Independent on Sunday (IoS) has an article today summarising an in-depth investigation into 'Children and the Net'. Here's the opening paragraph:

"1 in 12 teenage users has met a stranger via the internet;
6 in 10 have personal profiles on networking sites;
50,000 paedophiles are online at any one time;
Two-thirds of 12 to 19-year-old users hide online activities."

The article notes that MPs are calling for Home Secretary John Reid to propose 'e-safety' training to be carried out in schools as part of the national curriculum. I think that's the right place to start; behaviour change is the most effective mitigator of online risk.

Speaking of which, there are comments in the article which should make all of us think, particularly those of us who use social networking sites and/or upload family photographs.

"Abusers are obtaining the names and addresses of potential victims by hacking into 'buddy lists'"

"Paedophiles are also hijacking innocent images of toddlers and infants in online family albums"

Why not take some time this weekend to review what information you have stored online, do a risk assessment and maybe some housekeeping.

Interestingly, there was no mention in the Independent's article of NetIDMe... but they did refer readers to the CEOP website. Here's CEOP's web address again.

It needs to stop


Ceasefire - Lebanon/Israel

Click on the banner for information and to find out what action you can take.
 
 
 
 

Two conflicting views of ID Cards


These two stories make interesting side-by-side reading:

Thursday Aug 3rd, 14:30: Prime Minister "insists that ID cards will form a major plank of Labour's manifesto at the next General Election".

Thursday Aug 3rd, 23:30: Parliamentary Technology Committee says the ID Card plans are 'inconsistent and lacking clarity'.

The quotation I found most interesting in the latter article was this, from Liberal Democrat MP Phil Willis:

"Despite their vested interests in the scheme, industrial representatives are speaking openly about their concerns regarding the identity cards programme - this should set alarm bells in the Home Office ringing."

Ever forgotten to attach an attachment?


I know I have. I hate it when I do that. And then you have to send that pathetic follow-up email saying "here's the attachment this time [blush]".

I was chatting this over with some colleagues, and saying WIBNI someone wrote a little 'lint-checker' routine which scanned your outgoing emails for the string 'attach', and displayed a pop-up if it noticed that you hadn't attached anything.

Well whoop de do, some kind soul has indeed written one. Here's a link to the site. The tool requires Firefox plus the Greasemonkey extension, and I haven't tried it yet - but if you have, why not let us know how you are getting on?

Further concerns about NetIDMe


I blogged yesterday about some of the protective measures currently being publicised for children online, and Conor Cahill kindly added a couple of useful comments and links. One of those, to the ever-dependable folks at 'Watching Them, Watching Us', really does bear further examination.

Here's the link to their blog entry again.

Note that their comments are split across two posts, so make sure you see both. Among the concerns they raise are:

- There is no indication that the NetIDMe staff have had the same kind of Criminal Records Bureau (CRB) check which they would have to have, for instance, if teaching or working with children in a school, despite the fact that they will have access to a database of extremely sensitive records about children.

- The online registration process appears to lack any security in the form of encryption... so one has to wonder about the risk involved in signing up from a PC on a school LAN, say. Here's a snapshot of the 'Page Info' popup for the registration page:

[Image: 'Page Info' popup for the NetIDMe registration page]

- There seems to be a real possibility that the company's registration under the Data Protection Act is faulty... in that it doesn't appear to disclose the nature of the very sensitive data they intend to process.

As I say - have a look at the comments and the NetIDMe website and draw your own conclusions about risk mitigation. My advice is to mitigate risk primarily by working to make your children's online behaviour safer. If you have children who you perceive may be at risk in their online activities, talk it through with them, and use the CEOP website to go through some risk scenarios. Use tools like those at Steve Gibson's grc.com to see what information your internet/browser setup leaks to the world. Check out CEOP's Abuse Reporting Tool and make sure your kids are comfortable about the idea of using it (for instance, if they are reluctant or embarrassed to come to you about something).

And as Sgt Phil Esterhaus would say... "Let's be careful out there".

Cloning Digital Passports


My thanks to Liberty colleague Kenji Takahashi of NTT for pointing me to this article on Wired:

Hacker Clones e-Passport

As is often the case, the headline and the soundbite ('"The whole passport design is totally brain damaged", Grunwald says') grab the attention, even if the attack does not, at first glance, seem quite so fatal.

Apparently Grunwald managed, using publicly-available documentation and devices, to read the data off one RFID passport chip and reproduce it on another one. He was not able to modify the data (although presumably a brute-force attack on its signing key might allow this to be done).

The net result was that he ended up with a credential where the machine-readable data did not match the human-readable data, the implication being that the human-readable data could be of his choosing. Of course, in most usages, this discrepancy would be noticed by a passport control officer, who would compare the machine-readable data with the printed data, and compare both with the person standing in front of her/him. The attack also assumes that the hacker can successfully forge (or obtain) the rest of the passport around the cloned chip (and that they had access to the original passport for a while too).

I'm not saying the attack is pointless; it's always good to expose the capabilities and characteristics of systems which you and I will later come to rely on.

It's also useful to have this as background to discussions of what data ought to appear on your digital credentials in human-readable form. There's some discussion, for instance, as to whether a citizen ID card ought to display the holder's name, photo, identity number and so on, with some privacy advocates recommending minimisation of human-readable data. That's a good principle, but Grunwald's hack also demonstrates the need for a humanly-verifiable element to digital credentials which is perhaps protected by technology, but not mediated by it.
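The distinction drawn above between cloning and modifying, and the role of the human-readable comparison, can be shown in a few lines. This is an added illustration, not code from the Wired article or from any passport system: the key, the field names and the sample holder are constructed, and HMAC stands in for the issuing state's digital signature so that the example needs only the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key. Real e-passports carry an asymmetric signature from the
# issuing state; HMAC stands in here (assumption) so the example needs only the
# standard library. The property shown is the same: the check covers the bytes.
ISSUER_KEY = b"constructed-demo-key"


def issue_chip(fields: dict) -> dict:
    """Serialise the holder data and attach the issuer's integrity tag."""
    data = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()
    return {"data": data, "tag": tag}


def chip_is_authentic(chip: dict) -> bool:
    """True if the chip bytes are exactly what the issuer tagged."""
    expected = hmac.new(ISSUER_KEY, chip["data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, chip["tag"])


def inspect(chip: dict, printed_page: dict) -> list:
    """Checkpoint logic: machine check first, then chip-versus-printed comparison."""
    if not chip_is_authentic(chip):
        return ["chip data fails issuer check"]
    on_chip = json.loads(chip["data"])
    return [f"chip/printed mismatch: {key}"
            for key in sorted(set(on_chip) | set(printed_page))
            if on_chip.get(key) != printed_page.get(key)]


# Constructed sample data, not taken from any real document.
HOLDER = {"name": "ALICE EXAMPLE", "dob": "1970-01-01", "doc_no": "X0000001"}
GENUINE = issue_chip(HOLDER)

# A clone is a byte-for-byte copy, so the tag still matches.
CLONE = {"data": GENUINE["data"], "tag": GENUINE["tag"]}

# Changing any field without the issuer key breaks the tag.
ALTERED = {"data": GENUINE["data"].replace(b"ALICE", b"CAROL"), "tag": GENUINE["tag"]}

# The clone placed in a booklet printed with different details.
OTHER_PAGE = dict(HOLDER, name="BOB EXAMPLE")

if __name__ == "__main__":
    print(inspect(GENUINE, HOLDER))     # genuine passport
    print(inspect(CLONE, HOLDER))       # clone alone passes the machine check
    print(inspect(ALTERED, HOLDER))     # modified data is rejected
    print(inspect(CLONE, OTHER_PAGE))   # caught only by the human-readable comparison
```

The integrity check says nothing about which physical chip holds the bytes, which is why the chip-versus-printed comparison, and the comparison of both with the person presenting the document, still carries weight.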

 
 
 
 

You say 'esoterica', I say 'esoterica'


Recent addition to the Identity blogosphere, and fellow esotericist ;^), Conor Cahill has raised a further interesting concern about the NetIDMe scheme, namely that of 'panopticality'. In case you missed earlier discussions on this topic, 'panopticality' refers to the principle of a design in which the actions of the user are visible to the operator of a scheme.

Originally it referred to the architectural design of barracks and prisons, where the requirement was to ensure that inmates could be supervised and controlled by a much smaller number of staff. A key part of the 'behavioural modification' in that instance was that the inmates knew that they might be being surveilled at any time, but had no way of knowing when they were and when they were not.

In identity systems, Stefan Brands and others have used the term to refer to systems where the authentication protocol has the side-effect (intentionally or not) of allowing your identity provider to keep track of all the service providers to whom you request authentication.

As Conor notes, it does give a 'big brother' feel to the NetIDMe setup, whether intentionally or not, and that is unlikely to endear it to its target demographic.

Protection of Children Online


Here are a couple of interesting websites relating to the protection of children online.

CEOP, which I heard about on the radio a few days ago, is a UK organisation whose website contains advice and guidance about online behaviour, and also a confidential Abuse Reporting tool.

CEOP is also a member of the Virtual Global Taskforce of police forces around the world (specifically UK, US, Canada and Australia). I think it's good that there is a cross-border dimension to this from the outset, though clearly there are countries outside those four where the threat to young people online would have to be assessed as higher. Still, a start is a start.

The second one, also under the over-all umbrella of the VGT, is NetIDMe. Present in the same four countries, NetIDMe is a system for issuing and authenticating credentials for young people online.

The registration process includes:

- getting an adult to pay a subscription fee;

- getting a second adult to vouch for the veracity of the registration details.

While not proof against collusion, those seem to be reasonable measures.

The credentials themselves support assertions of the following attributes:

- first name

- age

- gender

- general location.

The assertions can only be made where both parties hold NetIDMe credentials... so the hope is presumably that over time this will grow to form a robust and inclusive network of pair-wise relations between young internet users.

At first glance this looks like a reasonable scheme, and perhaps better than nothing, but I have a couple of concerns.

First, as I say, the assertions require both parties to have NetIDMe credentials. In one sense that's a good thing, because that way both parties know they are 'playing by the same rules'. On the other hand, the nature of online interactions, especially in young people's social networks, is generally extremely ad hoc, and therefore the tendency will be to form online relationships anyway, if the alternative is perceived as relatively involved and cumbersome (such as anything involving a parent or other dinosaur...). That might limit adoption to below critical mass, particularly as in the early days, the chances are that the people with whom users want to interact online will not have the corresponding credentials.

Second, I question whether it's a good idea to disclose so much personal data under the NetIDMe scheme... though I fully admit, this is a double-edged question. On the one hand, if you trust the credentials of your buddies, then why not reveal your name and age? On the other hand, why not assert an 'age band' as opposed to your actual age (for instance, 6-12 years, 12-16 years, 16-20 years and so on), or a simple upper or lower bound such as 'over 16', 'under 18', 'over 40' etc.?

If you assume that it's possible for an unscrupulous adult (or two) to subvert the registration process and get a valid ID, then one could argue that NetIDMe provides the means for that person to get accurate information about their interlocutors' age and sex.

There is an argument that the ability to present a 'persona' online is a useful safety mechanism for young internet users, though again, I freely admit that that cuts both ways - however, a young surfer who presents a 'persona' is likely to be conscious that their interlocutors may be doing the same thing. This scheme seems to me to remove that ability. Indeed, a straw poll indicates that the preference of a young security-conscious internet user is quite simply to reveal no personal data. That approach is compatible with NetIDMe, but only in the use-case where you simply do not reveal that you have a NetIDMe credential.
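The age-band and upper/lower-bound assertions suggested above can be sketched as follows. This is an added example, not part of NetIDMe: the function names, the half-open treatment of the bands and the reading of 'over n' as 'n or older' are assumptions. It goes one step beyond the text by also computing which ages a recipient can still not rule out once several such answers are combined.

```python
from datetime import date

# Half-open bands [low, high). The bands quoted in the post (6-12, 12-16, 16-20)
# share their end points, so each boundary age is assigned to exactly one band.
BANDS = [(6, 12), (12, 16), (16, 20)]


def age_on(dob: date, today: date) -> int:
    """Whole years completed; a 29 Feb birthday counts from 1 Mar in other years."""
    had_birthday = (today.month, today.day) >= (dob.month, dob.day)
    return today.year - dob.year - (0 if had_birthday else 1)


def answer(dob: date, today: date, kind: str, n: int = None) -> tuple:
    """Answer one claim without releasing the date of birth or the exact age.

    Assumption: 'over n' means n or older, 'under n' means younger than n.
    """
    age = age_on(dob, today)
    if kind == "over":
        return ("over", n, age >= n)
    if kind == "under":
        return ("under", n, age < n)
    if kind == "band":
        band = next(((lo, hi) for lo, hi in BANDS if lo <= age < hi), None)
        return ("band", None, band)
    raise ValueError(f"unsupported claim: {kind}")


def ages_consistent_with(answers: list, max_age: int = 120) -> list:
    """Ages the recipient cannot rule out after seeing all of `answers`."""
    def fits(age, ans):
        kind, n, value = ans
        if kind == "over":
            return (age >= n) == value
        if kind == "under":
            return (age < n) == value
        if value is None:  # holder falls outside every band
            return not any(lo <= age < hi for lo, hi in BANDS)
        return value[0] <= age < value[1]
    return [a for a in range(max_age + 1) if all(fits(a, x) for x in answers)]


if __name__ == "__main__":
    dob, today = date(1990, 3, 15), date(2006, 8, 27)  # constructed sample
    over16 = answer(dob, today, "over", 16)
    under18 = answer(dob, today, "under", 18)
    print(ages_consistent_with([answer(dob, today, "band")]))  # four candidate ages
    print(ages_consistent_with([over16, under18]))              # two candidate ages
```

A single bound reveals little, but each further answer narrows the range, so a scheme built on such assertions also needs to limit how many different claims one recipient can collect about the same holder.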


All in all, my conclusion is that the CEOP website is probably more useful than the NetIDMe service; I suspect that the more effective counter-measure to online abuse of young users is behaviour-change, rather than technology... and on that score, CEOP probably provides more practical benefit than a set of credentials will.

 
 
 
 

Here's what I don't understand...


Israel's Prime Minister, Ehud Olmert, is quoted today as saying that the deployment of an international peacekeeping force is a pre-condition for the cessation of the assault on Lebanon.

That seems to be a quite different criterion from the original mission of ensuring the return of the Israeli soldiers seized by Hezbollah.

Either way, this suggests a bleak outlook for the Lebanese: first, there is no indication that an international force is even about to be mooted, let alone agreed to, let alone deployed (see also Robert Fisk's pessimistic analysis of such a move).

Second, I find it hard to imagine that any such force would be deployed while offensive operations are still in progress.

I suspect that means the onus remains on the rest of the international community to put forward a proposal which is actually workable.

 
 
 
 

A chip off the old block


Scott McNealy was renowned for expressing the view that he'd happily have his kids RFID tagged if it meant he could keep track of them. As a father's prerogative, there may be something in that - but when representatives of the 25 EU member states gather behind closed doors to plan the compulsory fingerprinting of children as young as 6, I tend towards deep unease.

This article on The Register, and the House of Lords report it links to, contain enough to worry parents and those concerned about civil liberties or data protection.

For instance, the foreword to the House of Lords report concludes as follows:

"We do not understand why the former Home Secretary should have apparently agreed with other G6 ministers to press forward with the 'availability' principle and disregard data protection issues. This is contrary to the decision of the Member States in the Hague Programme, contrary to the advice of independent data protection authorities, inconsistent with what the Home Office Ministers had told us, and against the views of the Finnish Presidency. The exchange of information between the law enforcement authorities is important, but not so important that civil rights can be eroded."

The G6 group to which the report refers is composed of ministers from France, Germany, Italy, Spain, Poland and the UK. Between them, these six countries account for roughly 75% of the EU population.

Here is an example of what the authors of the report mean by 'disregard [for] data protection issues':

"20. Eurodac is a fingerprint database established under the first pillar solely to assist in the determination of the country responsible for considering asylum applications. It requires all Member States to take the fingerprints of asylum applicants and of others apprehended for the irregular crossing of external borders. The fingerprints are transmitted to a central database which the immigration authorities of other Member States can access, allowing them to check the identity of asylum applicants, and to check whether an alien found illegally present in one Member State has applied for asylum in another Member State. Importantly, fingerprints are erased after ten years; earlier if a person has meanwhile been granted citizenship of a Member State.

21. The Regulation establishing Eurodac does not contemplate police access to Eurodac, nor is there any reason why it should; the fingerprints are collected for the very specific purpose prescribed in Article 1(1) of the Regulation. There is not at present any legislative proposal on the table to widen the scope of Eurodac. Police access to the database held by the Commission would be an entirely new departure. The sole legal basis of the Regulation is Article 63(1)(a) of the EC Treaty, and that alone would be insufficient to allow access for purposes other than those in Article 1(1), whose wording is taken directly from the Treaty."

In other words, the intentions of this G6 group do not just represent a potential threat to the civil liberties of EU citizens and would-be citizens, they also involve taking personally identifiable data collected for one specific purpose and re-using it for an entirely different one (which is explicitly what the EU's own Data Protection provisions are intended to prevent).

What should worry us about this is not just the group's intentions, but the apparent lack of any of the normal transparency and accountability which one would expect from such a policy-forming body operating in the context of a democratic institution.

 
 
 
 
 

Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
© racingsnake