From the BBC:
John Dempsey Hamilton's birth certificate was one of 44 obtained online and used to apply for driving licences with which to open bank accounts and defraud over £20,000... The crime came to light in February 2009 when staff at the DVLA headquarters in Swansea realised that multiple applications for driving licences were being made from the same handful of addresses...
As anybody who's ever read a spy thriller knows, getting hold of the birth certificate of a child who has died is the oldest trick in the book. While I'm no big fan of 'the database state', I do wonder how much it would cost the Registrar of Births, Marriages and Deaths to merge his (or her) records, so that in future, the birth certificate of somebody who has died also shows the date of death. We could stick dates of any marriages and divorces on there as well for certain purposes (such as when people apply to get married).
Further, as I mentioned in an earlier post, one of the easiest way to track down fraudulent IDs is when there are too many people living in the same address (of which I have first hand experience, the anti-terrorism guys were most interested in what I handed over to them).
Rumours, Half Truths and Myths
1 hour ago
26 comments:
Indeed! Just how long ago was 'The Day of the Kackal' published..?
Shame the author didn't copyright the scam as well as the novel!
In France an Birth Certificate is much, much more. It details the birth of children, marriages and divorces, all annotated and stamped by the appropriate bureaucrat. A right pain in the arse but at the same time it handily blocks, or at least makes more difficult, identity theft.
JM, so you read it too! I've seen this in other books as well so I wasn't sure whom to credit.
B, thanks for that. There's no idea so good that somebody else hasn't already had it, and at least we know it 'works'.
O/T but,
"We could stick dates of any marriages and divorces on there as well..."
I got married abroad last year, and I was absolutely flabbergasted by the 1950's style paperchase necessary to prove I was divorced. Find the court that issued the decree, get them to search their records...
What! Are you pulling my leg? You can't type my name into a computer and just print it off?
Here's a government that wants to spend a fortune on an ID database, that can't be bothered to enter the data it already has. I don't get it.
R le J... "I don't get it".
Simple... The ID database as currently specced is for their purposes and convenience. Your idea would only have much use and convenience for us.
Not a very fashionable thing to say so I'll say it quietly, but umm ...
Biometric ID would solve this problem. You can't spoof a fingerprint stored on the ID!
You Anon have to
BE TAKING THE PISH (not too quietly said)
@Bugger
Why would I be taking the pish exactly?
If your fingerprints are stored on the passport or ID card and you can show that the prints on your own fingers are exactly the same, how is that meant to be spoofed?
Think about it ...
Anon, we are talking about fake ID's here, but your logic fails.
Let's assume that every ID says the person's eye-colour. I have green eyes, so if I present an ID that says the owner should have blue eyes, I get caught out.
Ditto fingerprints - if my fingerprint doesn't match those that the card says I should have, then I've stolen that card or it's fake.
But ... even if every ID has a set of fingerprints attached, who is going to check that lots of different IDs don't have the same set of fingerprints, i.e. that one person doesn't have multiple IDs?
Anon
You are assuming that these documents couldn't be faked or duplicated?
Don't be silly or naive.
I am applying to get my British passport renewed soon and am thinking about applying to the Israeli Embassy for it and French and Canadian one too.
I believe they are cheaper and faster than the UK Passport Agency's offer.
Meanwhile, back at the Barcave
The Financial Times is reporting that UK Government debt is being traded at prices that suggest that the investors are treating it as less than AAA rated. British bond yields have gone back above Italian yields and are approaching those of Portugal, putting the UK right in among those countries so condescendingly referred to as PIIGS for a time by some who thought themselves superior.
Helter Skelter
Batcave, not Barcave although it might be a good name for a shebeen.
B, PIIGGS stands for "Portugal, Ireland, Italy, Greece, Great Britain, Spain".
PS, I look forward to seeing the next Mossad hit being pinned on a UK passport holder called "Bugger".
That is me by the way in the photograph.
If you have a spare half hour follow this ling to Subrosa's blog where I did a guest spot on how I was thus named.
http://subrosa-blonde.blogspot.com/2009/12/message-from-b-panda.html
Stick with it.
But ... even if every ID has a set of fingerprints attached, who is going to check that lots of different IDs don't have the same set of fingerprints, i.e. that one person doesn't have multiple IDs?
You set the identity system to only allow one identity per biometric ... don't you? That's how Heathrow Airport's IRIS system works.
You are assuming that these documents couldn't be faked or duplicated?
Ermm, not if your fingerprints are stored there and it's encrypted. If you think encryption can be cracked you've been watching too many spy filums.
(look who's being silly and naive now ... )
Anon, some smarty pants did that thing with faking fingerprints years ago. That proves nothing. Besides what job is it of the government taking everybody's fingerprints?
If they focussed on tracking down known ID fraudsters without fear of shite like "patient confidentiality" and "data protection" we'd be home free.
And yes, I do have personal experience of this. I once handed over about a dozen clearly fake IDs to Special Branch and they kept saying "I'm sorry, we can't use that - patient confidentiality" and "We can't use that - tax records are strictly private, HM Inland Revenue can't release that info" and "No, we can't use that bank statement because of banking secrecy" and so on.
Well, yes, you can cut someone's finger off or plop somone's eyeball out but then you'd have to kill the person watching you first putting your details on the system and then kill the security guard and the policemen sent round your house and it'd get very very messy and difficult very quickly.
I get the impression IDs are easy to fake badly which is probably why the police weren't especially interested. But think about it - if a biometric passport or ID had all ten of your prints stored, a crim would be very hard pressed to fake all of them. I think it would be impossible actually.
As for the Data Protection Act, I'm a fan of it - you wouldn't believe how powerful and useful it is at getting your way with companies that use your personal information for profit.
Anon, you haven't addressed the point.
I accept, for the sake of this discussion, that fingerprinting might - just might - make it more difficult for a stranger to pass himself off as being me.
But you must accept the main problem with fake identities is people inventing, and passing themselves off as people who do not exist.
If our baddie invents a fake identity, in order to claim multiple benefits (or whatever) then there is no identifiable victim. He would be pretty stupid to open a bank account in the name of 'Mark Wadsworth' because sooner or later it will come back to me and I will be able to prove that I had nothing to do with it.
But what if he claims benefits in the name of "Malcolm Spoonworthy"? There is no such person. No Malcolm Spoonworthy will ever come forward and unearth the fraud. The fact that the so-called Malcolm Spoonworthy's fingerprints are, on closer inspection, identical to those of "Jacob Withsmacky" is irrelevant, because "Jacob Withsmacky" will always cover up for "Malcolm Spoonworthy" because ...
... drumroll ...
they are both the same person!
Then allow me to address it.
When Jacob Withsmacky goes to have his fingerprints input on the system, the system does a quick check to see if its seen them before. If it has seen them as belonging to Malcolm Spoonworthy (or indeed, visa versa), it rejects the person.
Simples.
So I will restate my original assertion - biometric identity passports or ID cards would solve this problem. It may be unpopular to say so but hey, The Origin Of Species was unpopular when it was published - really unpopular!
Anon, biometrics don't make the system impossible to fool, they just make it harder. However, once you've cracked the system you are home and dry, because no-one suspects IDs to be fake any more. The weak spot, AFAICS, is getting at the data (fingerprint, iris scan) between reading and encrypted storage.
Anon, fingerprints are fine if you have a small population of known crims and take fingerprints from crime scenes.
A database containing 61 million sets would throw up far too many false matches and far too many true matches would not be picked up.
See also what Bayard says.
@bayard
The encryption schemes commonly used today are very strong. How many permutations of AES256 are there? (clue: it's not 256)
@mark
A database containing 61 million sets would throw up far too many false matches and far too many true matches would not be picked up.
Hmmm. You've shifted your argument from "It can't work" to "it won't work" and finally to "It might not work if the fingerprint technology isn't up to it".
You think technology is the issue? I'm quite sure it isn't. After all, Biometric passports containing your fingerprints are already a reality across Europe. So, you might think the matching technology isn't yet up to speed but the rest of Europe thinks otherwise (and yes I know you're a UKIP voter!).
Anon, you haven't addressed the point of how fingerprinting would stop people creating fictitious identities for the purposes of e.g. welfare fraud.
@bayard
"Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip making it virtually impossible to forge."
They have to say "virtually" impossible because if they say "impossible", someone with nothing better to do will say that it is theoretically "possible" to crack. To put it another way, it is practically impossible to crack. Or impossible using practical means if you like.
Tell you what, if you do break PKI or AES256, drop me a line here and I'll come round to buy you a pint. I'll also give you everything I own for your mathemtically verifiable proof.
Deal?
(Don't worry, I'll give you plenty of time - let's say ... your lifetime?)
Listen, I know this technology is about as popular as a turd in a hot tub but don't kid yourselves that the technology *somehow doesn't work*. Europe's biometric passports already show it does.
@Mark
I have. Only one identity per fingerprint set of ten fingers allowed.
Think about it ...
Post a Comment