Proving that ID Cards can’t be cracked

Thanks to @cheshire_puss for the pointer to this ZDNet article about Home Office plans to “engage with the industry to show that we have a ‘gold standard’ card which cannot be changed, modified or cloned”.

On one level, I’m delighted to have an opportunity, at last, to use the word “epistemological” in a blog post (who wouldn’t be…?). Because, on the face of it, the Home Office plans look like a doomed attempt at that epistemological impossibility, the proof of a negative proposition. Industry experts could help the Home Office show an ID card being cracked, could show that it’s possible but difficult, or could show a card successfully resisting a finite number of attempts to crack it… but they can’t demonstrate that the card cannot (ever) be changed, modified or cloned.

On another level, I’m puzzled as to what’s in it for a couple of the stakeholders, should these experiments go ahead. It seems to me that the industry experts are being invited to endorse the security of something which they will then neither implement nor rely on. In other words, the success or failure of the ID Cards they have certified as “gold standard” will depend on factors entirely outside their control.

If they are to bear no liability for this (and let’s face it, why should they), then what is gained by having them ‘initial’ the tests? If they are to be expected to bear some liability for the eventual outcomes of ID Card issue and use, I look forward to seeing what kind of industry experts step forward. Brave fellows, all.

And what’s in it for the citizen-stakeholder? Assuming that the tests fail to prove the negative proposition, will citizens trust the technology more, or will they simply question whatever liability model the cards are rolled out under?

Lastly, I’m also bemused by the Home Office’s reported explanation of why it doesn’t want to see whether or not Adam Laurie’s claimed attack is genuine: they do not wish to be “overwhelmed by individuals wishing to demonstrate ID card cracks.” Do they think the cards are so insecure that every Trent, Bob and Alice is queuing up to have a go? Or that there are enough nutters out there to mount some kind of Denial of Service attack with a series of trivial attempts? (“Hullo children – and today on Blue Peter, we’ll be showing you how to make your own Home Office ID Card reader, using just this egg carton, some sticky-backed plastic and a roll of tinfoil”).

Seriously, though – why do the Home Office say they are looking for a suitable way to engage with industry to demonstrate that ID cards are secure? I thought CESG had a whole programme to do just that, and that the “E” in CLEF stood for “Evaluation”…

But perhaps I’m very old-fashioned.

3 thoughts on “Proving that ID Cards can’t be cracked”

  1. citizendave says:

    What's also odd is that the Home Office didn't engage with industry five years ago to show that it has a "gold standard". We should have had an open specification.

  2. Robin Wilton says:

    It's interesting to note that in 2005, when the French government intentionally solicited a public debate (not just a brief consultation period) on their eID proposals, the feedback was so negative that the implementation was effectively kicked into touch – despite the enabling legislation remaining on the statute books. They have since pressed ahead with e-Passports, done little to put eID cards into practice, and even less towards establishing the most contentious element of the system, the centralised database of citizen data.

  3. The government is adopting the well-known epistemological tactic of monster-barring – ruling out any evidence that might cause the scheme to be changed, modified or cloned. If this tactic is successful, the Home Office claim that the scheme "cannot be changed, modified or cloned" is self-fulfilling. The monster-barring tactic is used in two ways. Firstly, to exclude certain classes of counter-example, viz, those proffered by "individuals". (The only sources of evidence that will be permitted are those large firms that can be bribed by large contracts – this perhaps counts as monster-adjustment.) Secondly to exclude general evidence of "cracking", since we are only concerned to demonstrate the impossibility of three specific verbs "change, modify and clone". Epistemology, huh? There are obviously people in the senior echelons of the Home Office who have read Proofs and Refutations by Lakatos.
