Robin Wilton's esoterica

The theories I've seen suggest that the first mammals to gain an evolutionary toe-hold in the shadow of the dinosaurs were small, shrew-like creatures... but that homo sapiens only evolved many millennia later from ape-like beings which lived in, and eventually descended from the trees. Now scientists have found a tree-shrew in Malaysia which may cast a rather less flattering light on this evolutionary progression. It seems that the pen-tailed tree-shrew spends the vast majority of its time completely stotious... the worse for drink, to an extent which would render the average human utterly incapable (or, to use the technical term, "hat-racked"). It seems to suffer few, if any ill effects from this disreputable life-style, whereas alcohol is frequently blamed for many of the social and medical ills which afflict the modern human.

Is it not more plausible, then, that humans actually evolved when some subset of tiny, primitive tree-shrews just couldn't hold their booze or their allotted branch, lost their grip completely and didn't descend voluntarily so much as simply fall out of the trees? In other words, we don't represent the culmination of evolutionary improvement at all... we're just the ones who couldn't stand the pace.

Sir James Crosby began his Treasury-commissioned review of the National Identity Scheme (NIS) in September 2006 and delivered the resulting report pretty promptly about a year later. It was then sat on until it could be buried by publishing it just after the copy deadline on the same day as the government announced its own National ID Card Delivery Plan ("Mais, comme c'est bizarre; et quelle coïncidence!"*) in early March 2008.

That delay is now creating the illusion of an almost superhuman work-rate on Sir James' part, as he hits the headlines again today with the publication of his review on how to mitigate the effects of the global 'credit crunch' on the UK economy in general and the mortgage market in particular. One of the options he considers is that the government might guarantee bonds issued to underwrite the lending market (as a whole, rather than individual borrowers). Such a move would, essentially, mean the the taxpayer is ultimately underwriting the commercial mortgage market - albeit indirectly.

One problem Gordon Brown and his successor as Chancellor face is that the taxpayer is already directly underwriting a chunk of the commercial mortage market, in the form of Northern Rock - a state of affairs into which the government was precipitated partly by significant supervisory failures over the preceding decade. They therefore do not have the 'cleaner' option of either direct guarantees to specific institutions in difficulty or indirect under-writing through guaranteed bonds, but must find some way to cater for both. And they must do this without appearing to directly favour one commercial institution over another, or introducing perverse incentives for participants in the market to behave irresponsibly.

That part, though, is the policy-makers' problem, now that Sir James has set out his analysis of the problem.

Now that he's had a crack at the ID Cards system and the credit crunch, I wonder what Sir James will be asked to review next.

I reckon the front-runners are food and fuel prices, or global warming. He can't have the Israeli/Palestinian problem, because Tony bagged that one a year ago, but hasn't actually set foot in Gaza since taking the job.

*Leitmotiv, 'La Cantatrice Chauve', Eugene Ionesco

The BBC reports today that a van containing blank UK passports and visa inserts was commandeered and 24 boxes of documents stolen, about 1/2 mile from the specialist printing works where they were produced. Some 3,000 passports and visa stickers are reckoned to have been stolen. The indications seem to be that this was a specifically-targeted theft.

In itself, this doesn't necessarily represent a massive disaster - though it is certainly embarrassing for the Foreign Office, which was about to distribute the documents to its consulates overseas. After all, the passports still have to be convincingly 'personalised' with laminated photographs and - ideally - valid data on their embedded chips. It is this latter security mechanism which is being cited by Labour's Deputy Leader, Harriet Harman (Gordon Brown being on holiday at the moment), as the main mitigation of risk arising from this breach.

However, it does call to mind the post I wrote on Day One of this blog, describing the way in which the reliability of any credential depends on a whole chain of events, each of which must contribute to the security of the system as a whole. For example, if the process of issuing a passport to a given individual does not do a good job of establishing that the person in question really matches the details being encapsulated in the passport, the reliabiltiy of the credential is undermined. Likewise, if the process of matching the person against the passport when it is presented can be spoofed, then the passport is not really doing its job.

I referred to this series of events as the "chain of trust", each link of which plays a role in preserving the usefulness of the passport as a credential. Exactly the same principle applies here: if the blank documents are not adequately secured throughout the process of their manufacture and distribution, the integrity of the system as a whole is compromised. (I gave a similar example based on blank birth certificates back in early 2006...).

The other lesson to apply in cases like this, I think, is one derived from the work done by the Liberty Alliance ID Theft SIG (Special Interest Group). One of that group's findings was this: when some form of identity theft occurs, the exploitation of that theft for identity-related fraud very often does not take the most obvious form. If a payment card is stolen, yes, the most common fraud committed is to use that card for fraudulent payments... but in the case of other credentials (such as passports and driving licenses), the exploiters tend to get much more creative. As one counter-fraud officer notes in this passport theft incident - the one thing those blank passports are relatively unlikely to be used for is entry into the UK. The question of how they will get used is probably taxing some creative minds right now.