A little while ago, James Fairbairn drew our attention to a piece in The Economist on biometric passports, concluding, by way of remark,
Eek! I wonder what Mr Lightfoot would say about this.
Well, true to form, I did comment, but since I suspect that my set of half-dozen readers is mostly disjoint with James's, I'm going to recycle (and proof-read) my comment from last time here.
In case you've remained mercifully ignorant of the biometric passports nonsense, here's a very quick precis.
After September 11th (an atrocity committed, as you will recall, by legal residents of the US travelling on genuine documents) it became vitally important for airport security types to Look Like They Were Doing Something.
Of course, at root, airport security is more-or-less a sham. But naturally this didn't stop them.
(``Goodness,'' you may think, ``that's very cynical! How could you say such a thing? What about all those X-ray machines and metal detectors and beefy-looking security guards frisking people at the airport? It certainly makes me feel secure!'' If so, think some more -- when was the last time that you heard about airport security guards intercepting a bomb in someone's luggage? And the last time you heard about an aeroplane blowing up in mid-air because of a bomb they didn't find? And if security has improved so much since September 11th, how come we haven't heard about all the baggage thieves who've been caught and prosecuted? Admittedly, I'm being a little unfair and anecdotal here. But that's what you expect, right?)
So, in order to be seen to be Doing Something about airport security, the Americans hired lots more airport security people and had them inspect travellers' shoes and occasionally deport Canadians to Syria (where they get tortured) for no reason. But obviously no modern security panic-reaction would be complete without an appeal to the miracles of `biometric' technology, and so it was duly decided that in the future passports would carry `biometric' details of their holders.
The idea here is that, to stop THE TERRORISTS from stealing other people's passports and travelling using them, you put some biometric information on every passport, and check that it matches the person carrying the passport whenever they travel.
But instead of using a credible biometric (expensive, and not very reliable), the biometric passport standard is designed to use only a digitised photograph of the passport holder. This can then be used as a `facial geometry biometric' (not quite as expensive, and hopelessly unreliable).
You will not be surprised to hear that I expect this to be a balls-up.
Very probably the technology won't work at all, and anyway the facial biometric is so laughable that even if it does work the effects will be counterproductive. But there are worse balls-ups in progress. At least the biometric passport nonsense isn't predicated on a central database (though you may have noticed that the Home Office have repeatedly lied that most of the cost of their ID cards scheme will have to be spent implementing biometric passports anyway).
In more detail: the plan is that you put an RFID chip on the passport which contains a certain set of data. That data is signed with a key owned by the passport-issuing authority, so that -- assuming that you have a reliable key distribution policy (not too hard with only ~150 countries out there, each with ~1 passport issuing authority) -- you can verify that the stuff on the chip is authentic.
Then, when the subject presents their passport at the airport or whatever, you take a photograph of them and compare it, using the miracle of facial biometrics, to the digitised photo on their passport. If they have exactly the same facial expression, facial hair etc. as when their passport photo was taken, and the lighting at the immigration desk at the airport is exactly the same as it was in the photo booth when their photograph was taken, then the system will say, ``this person is carrying a passport which was issued to them by the such-and-such passport agency''. If any of those conditions are not satisfied (which happens >10% of the time even under good conditions in tests), then the system will say this person does not match their passport photograph, and are therefore probably one of THE TERRORISTS.
(As an aside, I was going to write about the miracle of facial biometrics in more detail, but I'm not sure how many of my half-dozen readers can find it in their hearts to laugh at misapplied matrix algebra. Suggestions gratefully received.)
The next step, of course, is that each country records people's passport numbers and facial biometrics and uses this to detect people using more than one identity. This won't work at all, because of that 10% error rate. (NB, before you think I've made a mistake, that these systems are usually tuned to have equal false positive and false negative error rates.) Of course, we would all Heartily Endorse a scheme to prevent people travelling on false passports; after all, it's not like we give a fuck about refugees any more, is it?
Of course, using RFID for this is a fucking stupid idea. Most trivially, it means that anyone with enough technical wherewithal (not all that much...) can steal your personal data and use it to impersonate you in non-passport contexts. It probably also opens up all sorts of exciting man-in-the-middle attacks, too. For instance, I could arrange that the chip in my passport just relays requests and responses through to the person behind me in the queue. Given the 10% error rate -- and assuming that the 10% of comparisons which give false negatives are ignored, rather than resulting in instant deportation to `Camp X-Ray' or a Mukhabbarat torture chamber -- and the difficulty even trained people have in comparing photos to people (typically making mistakes on 43% of occasions), I would expect this attack to work rather well.
So, its another broken-as-designed idea from the wacky world of biometric security. Surely you dont expect me to act surprised?
Biometric passports... they're sort-of like ID cards. But only sort-of. So you only get one holiday photo:
So, that locking people up for no reason whenever the Home Secretary says so, eh? You won't be surprised to hear that, given my opinions of recent Home Secretaries, I'm not in favour of them giving themselves the power to put people in prison or under `control orders' (house arrest) purely on their own say-so; but of course in a civilised society nobody ought to have that power anyway.
Now, the usual way that we're supposed to deal with people planning criminal acts is:
Charles Clarke and his predecessor are very keen to skip step 3, which as you can imagine can be time-consuming and doesn't always work. Sure, it means abandoning habeas corpus, the right to a fair trial, etc. etc., but think how much easier life for the security services would be without having to try the people they catch. The time saved could be spent rounding up more suspects, thus allowing them to meet their targets more efficiently and fill out more of those all-important forms.
One argument against trying terrorist suspects such as those who are currently being held in Belmarsh is that the evidence against them chiefly comes from `sophisticated electronic surveillance techniques' or some other similar formula. If a trial were allowed, then these suspects would come to know something about these techniques (as well as other inconvenient secrets such as what they're being accused of). This is, bluntly, a silly argument. At the risk of offering aid and comfort to any of THE TERRORISTS who are to be found among my half-dozen readers, here is a quick guide to some of the sophisticated techniques the security services can use against you:
So, now I've revealed that, there are no remaining reasons not to use surveillance evidence in terrorism trials. No secrets about surveillance will be revealed, the alleged terrorists in Belmarsh can be tried in a court of law; and we can abandon all this banana-republic nonsense of locking people up on the Home Secretary's whim. As a final act, Tony Blair can give me a knighthood for solving the problem of justice for terrorism suspects while preserving some of what's left of our civil liberties.
(Obviously that last bit was a joke. Tony Blair couldn't give a toss about our civil liberties.)
A cynic -- as never to be found on these pages, but humour me for a moment -- might suggest that the real reason that the government are not prepared to permit the use of surveillance evidence in trials of these terrorism suspects is that... the evidence is, in fact, rubbish. But what are the chances that the government would use dodgy intelligence evidence to support some improbable stunt in the ``war on terror''?
One might also interject here that, if these surveillance techniques were so good and so secret, revealing something about them might act as a deterrent to wrongdoers. For instance, if you knew that MI5 might be listening to your phone calls, you might be reluctant to call up Uncle Osama and ask him what he'd like you to blow up. And, indeed, the proposed `Control Orders' will give the Home Secretary the power to prohibit anyone he likes from using telephones or the internet. Of course, if THE TERRORISTS aren't ever on the phone to al Qaeda, we presumably won't ever be able to gather any evidence on what they're planning, but leave that aside for the moment. Indeed, for ever, probably, since I don't think this Government will answer that point.
To be fair, Charlie the Safety Elephant also argued on Today this morning that his job as Home Secretary is to ensure that the country remains safe, whereas the job of the courts is something tedious to do with enforcing justice and upholding people's rights and whatnot. And who could wish for better guardians of the safety of our country than these? I leave you with the words of Lord Hoffman:
The real threat to the life of the nation, in the sense of a people living in accordance with its traditional laws and political values, comes not from terrorism but from laws such as these.
Just propagating links again, I'm afraid: WriteToThem is a new and extended version of FaxYourMP. Type in your UK postcode and send a letter to any of your elected representatives -- councillors, MPs, MEPs, MSPs or assembly members -- instantly and for free.
This can probably also serve as an explanation for the paucity of posts here lately. And as a substitute for actual content, here's a picture I drew a while ago while trying to understand how the UK's electoral geographies are arranged:
The (marginally) interesting thing to note about that picture is that it is both inaccurate and an oversimplification of the true situation....
This is all done with wwwitter.
Copyright (c) Chris Lightfoot; available under a Creative Commons License. Comments, if any, copyright (c) contributors and available under the same license.