Government to end investment in Gov.uk Verify digital identity system

xxx

The Department for Digital, Culture, Media and Sport (DCMS) took over policy responsibility for the digital identity market in June and is working on a plan to stimulate an ecosystem of providers based on government-backed standards for interoperability of digital identities, and opening up application programming interfaces (APIs) to public sector databases such as passports and driving licences.

From Government to end investment in Gov.uk Verify digital identity system.

xxx

POST It’s worse than you think

A generation back, in the July 2000 edition of Harper’s Magazine, Dennis Cass wrote (in an article on Silicon Valley) about “the kinds of things you’ve heard bores like Nicholas Negroponte drone on about in Wired magazine, like shoes that can send e-mail to other shoes”. I wrote this down at the time, because I had previously met Nicholas (who wasn’t boring at all) and remember thinking that Dennis’ was an interesting perspective from a non-technologist looking at what technologists were doing. And it was a funny example.

Shoes that can send e-mail to other shoes! Ridiculous. And yet a couple of years ago, through the miracle of Twitter, I found a piece on Bluetooth-connected “smart” shoes. The dystopia is here. It’s only taken a couple of decades to get to this point, but it’s something to celebrate. I can confidently predict that our shoes will be getting hacked from now on. After all, if the makers of Bluetooth-connected sex toys are unable to keep them secure, the makers of shoes haven’t a prayer.

This is a confident prediction. I remember reading an article about the Internet of Things (IoT) in the New York Times. It was about the poor state of IoT security and it referenced noted security expert Bruce Schneier, who was arguing that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. He has previously said that given that lack of alignment the government must step in. He says the lack of security is a kind of invisible pollution and that “like pollution, the only solution is to regulate”.

(I made a podcast with Bruce around a decade ago and can tell you straight that he has already forgotten more about computer security than I will ever learn — and is a very nice guy. From what I know of the topic he is of course completely correct: this misalignment not only means we have no real security at present, it means that things can only get worse.)

As Bruce points out in his excellent new book “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World”, we are now in a situation where the lack of any security infrastructure means that anything that can be connected to the internet can be hacked. And since everything is connected to the internet, everything can be hacked.

Oh dear.

Of course this isn’t just about sex toys. This isn’t just about hackers having some fun or commercial rivals causing trouble. I don’t want to be overly dramatic, but I think you can argue that World War III has already started, it’s just that we haven’t noticed because it is in cyberspace. And as noted media theorist Marshall McLuhan observed way back in 1970, “World War III is a guerrilla information war with no division between military and civilian participation”. In other words, there’s a cyberwar going on, and we are all participants.

It’s not a one-off, either. Bruce says in his chapter on “Everybody Favours Insecurity” that cyberwar is the new normal. I think he is once again spot on. We need an infrastructure for everything, because everything is at risk.

So if the only solution is for the government to do something, what should it do? Well, there are all sorts of things I am sure, but surely one of them must be to act to facilitate the introduction of a digital identity infrastructure of some kind. Identity isn’t just about people, it’s about everything. And unless there is some way for my sex toy to know that it is me calling, or for me to be sure that it’s my sex toy I’m talking to, then the friction attendant on the online economy will be so great as to dissipate the benefits.

Now, an infrastructure doesn’t mean a single solution. There’s a payment infrastructure that both me and my local shops tap into, but within that infrastructure I can use my Barclays debit card or John Lewis MasterCard, my American Express charge card or my Barclaycard. And I can use any of those cards in many different kinds of terminals connected to many different networks and acquirers. And it all works.

 

We need a digital identity infrastructure that is as effective as this payments infrastructure. That is, most of the time you won’t need to think about it. Just as I have half a dozen cards that all function within this infrastructure but under my control (in other words, knowing that they will all work), it seems reasonable that within it I should have half a dozen different digital identities and that I can choose from them on a per-transaction basis, safe in the knowledge that any one of them will work. So what is it that is stopping us from getting to this infrastructure?

There is, however, one important difference: the digital identity infrastructure has to be for everything. Now, that is a much more complicated goal than it sounds at first. Take my car, for example: there’s the identity of my car, defined in terms of its relationship with me. But what about the components of the car? Suppose I want my car to be able to check where its components have come from or to assess whether the components are real or counterfeit?

Why your fraudster could be getting better customer service at the bank than you are

xxx

Start-up bank Monzo said its phone lines are regularly inundated with calls from suspected scammers complaining that their accounts have been frozen.

The bank will shut down accounts it suspects of being fraudulent but, not wishing to tip off a potential criminal, will not inform its owner why.

Oblivious criminals often then ring up to complain, with elaborate sob stories reportedly involving audio recordings of babies crying and desperate pleas of needing the account unfrozen.

From Why your fraudster could be getting better customer service at the bank than you are.

xxx

If you’ve been sent bank details by email, be warned | Money | The Guardian

xxx

I had asked my financial adviser at Brewin Dolphin for the relevant bank details and he sent them by email.

From If you’ve been sent bank details by email, be warned | Money | The Guardian.

This is dumb, pure and simple. If someone sends you sensitive personal information using unencrypted e-mail then you must assume that they are at best reckless and at worst utterly uninformed. What the financial adviser at Brewin Dolphin should have done, of course, is refuse to engage in such absurdly risky behaviour and ask the customer to contact them using a secure messaging application (e.g., Signal).

Wary of crypto, UK government blocks Royal Mint’s digital gold | Euronews

xxx

Britain’s Royal Mint has frozen plans to launch a digital gold token after a partnership with U.S. exchange group CME failed and the government vetoed a plan to have the tokens trade on a cryptocurrency exchange, three sources told Reuters.

From Wary of crypto, UK government blocks Royal Mint’s digital gold | Euronews.

xxx

Australian woman arrested over AU$450,000 Ripple theft | ZDNet

xxx

Victoria Police earlier this month warned against falling for a scam that saw four people lose a total of AU$50,000 after depositing funds into a bitcoin ATM.

The Maribyrnong Crime Investigation Unit said the four victims from the eastern suburbs were told that they owed a tax debt and that if they did not pay up, they would be arrested.

From Australian woman arrested over AU$450,000 Ripple theft | ZDNet.

It’s easy to dismiss people as being victims of their own stupidity 

Contactless payments hit record levels as contactless fraud follows | The Paypers

xxx

Fraudsters are now using ‘contactless skimming’ machines to read credit card information right out of your pocket, then use a merchant account to make contactless payments. In a 2013 study published by the University of Surrey, a team managed to ‘successfully receive contactless transmission from distances of 18 to 31 inches’ using a skimming device.

From Contactless payments hit record levels as contactless fraud follows | The Paypers.

xxx

Losing contact (with reality)

According to a number of press reports, the Abu Dhabi police are warning local residents that money may be stolen from their bank balances through “electronic magnetisation” and “exploitation of contactless payment technology”. I’m pretty sure that I would be concerned about electronic magnetisation too (if I knew what it was) so I will take this warning to be wary to heart the next time I visit. The magnitude of the problem must be such that there is general panic amongst the contactless-crazy residents of the… oh, wait. It turns out that Colonel Amran Ahmed Al Mazrouei, Abu Dhabi’s director of criminal investigations, has said that “although such thefts were possible, none has so far been recorded in the emirate”.

To the best of my knowledge, none have so far been recorded anywhere else either. When I went to look for evidence of criminal enterprise, I came across yet another alarming statement. According to The Paypers, fraudsters are now using ‘contactless skimming’ machines to read credit card information “right out of your pocket” and then use a merchant account (not sure what they mean by this) to make contactless payments. The article goes on to note that “in a 2013 study published by the University of Surrey, a team managed to ‘successfully receive contactless transmission from distances of 18 to 31 inches’ using a skimming device”.

Wow.

That sounds amazing. I’m astonished that banks could be irresponsible enough to issue contactless cards at all if they are so prone to fraud and they must withdraw them… oh, wait. It turns out that if you read to the end of this paper, you will see… “This work was funded by EPSRC and Consult Hyperion”.

Ah.

Indeed it was. And it was a brilliant piece of work which included some innovative engineering. You’ll particularly like the bit about using a shopping trolley as an eavesdropping device. But if you read our Tomorrow’s Transactions blog about this in detail, you will find that “Just as when we did the original risk analysis on contactless in 2007, the conclusion is that contactless bank cards are fit for purpose”. Sorry to disappoint, but the sky isn’t falling in, no matter what the papers (or the Paypers) say!

A Unified Theory of Everything Wrong with the Internet

xxx

“This isn’t anonymity in the sense of real names versus fake names. The names we use are irrelevant. This is about a mental detachment from physical reality. The design of our devices acts to transport us into an alternate universe.”

From “A Unified Theory of Everything Wrong with the Internet”.

xxx
