Sunday, February 06, 2005

Tony Blair's SuicIDe

Blair's plan to introduce the most comprehensive ID card scheme in the world will either cause his downfall or trigger the biggest cyberwar in history, which he will lose. His plan is that starting 2007, every UK citizen or resident will be required by law (20 new ones!) to have an ID Card. Citizens will have to produce it to a large set of gatekeepers including law enforcement, state benefits clerks, medical administrators, driving license issuers & even retail clerks (to verify credit card transaction).

The Political Battle

Understandably, there's a lot of opposition, since scheme rips up 1,000 years of agonizingly-acquired common-law rights & will reduce security and increase crime. However, the scheme is supported in principal by the main Opposition party. This party is currently in tactical retreat but its leader is a long time supporter of ID cards, so expect it to swing behind Blair.

Accordingly, the battle has moved outside the political parties & there are many excellent people working to defeat the project, examples are here and here. A must read is this on how Australians stopped their ID project. In the face of all the political parties, a popular movement sprang into being.

This movement, the largest in recent Australian history, forced a dissolution of the parliament, a general election, and unprecedented divisions within the Labor government. The issues which were raised in this campaign provide important insights into the range of concerns related to ID cards in every country.

So, if the Brits can repeat the Aussie coup, Blair ends up toast.

However, the Brits may not measure up to the Aussies (who Len Deighton thinks were the best warriors in WW2). So the ID Card may get legislative approval.

And that will make the UK the Number 1 destination for terrorism in the G7 group of nations.

The Cyberwar

If you have a US Social Security number, you'll be familiar with Identity Theft. Anyone who gets hold of your SS number can run up liabilities on your behalf. . However your downside, although horrendous, is limited because the US has multiple forms of ID which the criminal can't get at, for example your driver's license.

A UK database will be enormously more valuable than the Social Security database since it will allow criminals to either insert or steal complete identities. Absent other forms of identity, the terrorist is home and dry.

So the terrorist will work to compromise the UK identity system. All they need is heap of money, a bunch of tech-savvy hackers & muscle. Plenty of all three in the terrorist networks & their state sponsors.

To see how they'll attack the ID scheme, a quick survey of the battlefield.

The Cyberbattlefield

Expect 4 components.

1. A Civil Service team developing the specifications and developing the RFQ documentation. This will likely be not be technically strong (good folks will be off earning real money). This team is already in existence.

2. A database development contractor. This will create the enormous database (probably the biggest ever since they plan to track each credit card transaction), with inquiry and update interfaces to every branch of government. This will be bid to trusted outside agencies, such as EDS, IBM & Accenture. Whoever is chosen will have to be huge, since this is probably £2 Billion contract. Expect whoever is chosen to be not strong technically, highly procedural, & slow. Expect further delays because of the need to use security-cleared people (tough to outsource!).

3. A network contractor. This will supply the secure network out to all those benefits offices, surgeries, police stations, immigration desks, retailers and wirelessly to all mobile law enforcers. Another big contract, I'd guess about £1 Billion including hardware. The sort of thing Racal would once have done and maybe its successor Thales will do. Expect this to be well executed, given the experience of the National Lottery. However expect weaknesses in all their wireless components, since that's new.

4. A peripherals prime contractor and a bunch of subs. Will supply the cameras, retinal scanners & recognition software. Typical device will retinal scan or image face, match with details on the ID card, and connect to central database to validate status and update the subject's records. Most of this stuff comes from outside the UK. Maybe Fujitsu will be prime - they currently supply the new passport swipers used by UK immigration so must have a trusted team. Expect all of these peripherals to be fairly easy to defeat, examples with the current generation given here.

The Cyberbattles

The RFQ Front
This will involve penetrating the emails and document stores of the Civil Service team writing the RFQs. They're probably running Windows and on the secure Government Data Network. However if they have one tiny porthole onto the Internet any competent team will have penetrated them, so they're already toast.

The Card Front
Forged chip & pin credit cards are now being stamped out days after their first introduction, so forged ID cards will be in circulation as soon as the first ones are printed. So 100% certainty the bad guys do this.

The Peripheral Front
Expect this to take a software route since all of the available imaging & recognition stuff will run on commercial OSs. All the attacker needs is an "authenticated" response. The peripherals will come from untrusted sources, there'll be plenty of people with the information needed to hack them. With over 100,000 devices out there, expect this battle to look like a virus war, with the advantage swinging to and fro, but with 75% success to the attackers.

The Network Front
The hard data network will be susceptible but at high cost, I'd say only 10% at risk. So expect he wireless network to be attacked, and since all of the protocols are in the public domain and all itsy bitsy encryption is now crackable, expect 100% success here. This will be provide means of accessing the database.

The Database Front
It's certain that on such a huge contract a few bad guys can be inserted into the team writing this system. So assume that it will be penetrated and there will be multiple admin access points. The bad guys can either get in via compromised wireless remotes, do an IRA and take families hostage to get a DBA to make the required hacks, or just bribe one.

So, it's going to be an exciting few years as this unfolds. Lets hope the political solution works...