Oh dear, so the Maximum Tone’s blown the gaff on one of the worst kept secrets in British politics with his recent missive to 27,000 or so signatories to an anti-ID cards petition on the Downing Street website:

“I believe that the National Identity Register will help police bring those guilty of serious crimes to justice.

“They will be able, for example, to compare the fingerprints found at the scene of some 900,000 unsolved crimes against the information held on the register.”

It goes without saying that the 900,000 unsolved crimes statistic is a load of bollocks, as usual - what the police actually have is 900,000 unidentified ‘marks’ (i.e. fingerprints) from crime scenes, which includes multiple fingerprints from individual crime scenes, partial fingerprints that are useless for matching against the biometric data to be held in the National Identity Register and, of course, unidentified fingerprints that are of no relevance whatsoever to the crime that took place at a particular scene.

If all this seems farcical, it’s nothing to the reaction of the opposition parties:

Lib Dem home affairs spokesman Nick Clegg told BBC Radio 4’s World at One: “We were left clearly with the impression that the police simply wouldn’t be able to go on fishing expeditions just with their own say so.”

And…

For the Conservatives, shadow home office minister Damian Green said: “It flatly goes against all the undertakings the government gave Parliament during the course of the bill.

“Obviously it has huge implications for people’s privacy if the authorities are going to be allowed to go on a fishing expedition through the files of innocent people.

“Everyone assumes that fingerprint technology is 100% accurate. And it just isn’t, experience tells us that it’s not infallible.

“With the vast number of crimes involved, it is guaranteed there are going to be miscarriages of justice if the government goes down this route.”

All of which appear to rest on a narrow interpretation of a single comment by Tony McNulty (you might guess that this twat would be right in the middle of things):

Mr Blair’s email appears to contradict an assurance given by Tony McNulty, a Home Office Minister, when the legislation was going through the Commons in 2005. Mr McNulty said there were safeguards against state agencies “for want of a better phrase, going fishing in the database”.

Assurances, my arse.

Try reading what’s actually in the fucking bill (or Act as it is now) for a change.

The relevant part of the Act runs from s17 to s21, which covers the disclosure of information from the NIR to public authorities (including the police and security services) without the consent of individuals - tell you what, let’s include a few selected highlights:

17 Public authorities etc.

(1) The Secretary of State may, without the individual’s consent, provide a person with information recorded in an individual’s entry in the Register if-

(a) the provision of the information is authorised by this section; and

(b) there is compliance with any requirements imposed by or under section 21 in relation to the provision of the information.

Following which the section goes on to specify who the information can be given to - which includes the security services, the police and HM Revenue and Customs, other government departments and any ‘designated documents authority’ - and the circumstances in which they can be given the information; i.e. in the interests of national security, for the prevention and detection of crime and, in the case of HM R&C for:

(c) for purposes connected with the prevention, detection or investigation of conduct in respect of which the Commissioners have power to impose penalties, or with the imposition of such penalties;

(d) for the purpose of facilitating the checking of information provided to the Commissioners in connection with anything under their care and management, or with any other matter in relation to which the Commissioners have duties under any enactment;

(e) for purposes connected with any of the functions of the Commissioners in relation to national insurance contributions or national insurance numbers;

In short, when it comes to collecting tax and locating people to screw the tax out of, HM R&C have more or less the free run of the NIR system, which is all pretty obvious when you come to think about it.

As for the other agencies mentioned, a designated documents authority, as those with a fair memory may recall, is one where the government has decided that to get whatever official document it is they provide you must also take out or have an ID card. So, in a nutshell, this paves the way for automatic updating of things like the Passport, Driving Licence and Visa systems directly from NIR, plus anything else not expressly mentioned in the Act that the government might add at a later stage by statutory instrument - expect to see things like the Criminal Records Bureau, Registrar of Births, Deaths and Marriages added by the time it goes live, if it’s not already been added, plus the obvious, if rather more controversial, future targets: NHS Medical Cards, UB40s (or whatever the equivalent is these days if it’s changed) and pretty much anything to do with the receipt of welfare benefits, and the Electoral Register.

That just leaves other government departments, who can access your information just so long as it’s:

for purposes connected with the carrying out of any prescribed functions of that department or of a Minister in charge of it.

Which covers just about anything and everything.

Let’s face it, that last bit is a real piece of work isn’t it? What it amounts to is that if the government finds a new use for your personal data it doesn’t necessarily actually have to pass anything so messy as a piece of new primary or secondary legislation - as long as this new function does not require legislation to enable it, it can just tack it on to the duties of the relevant department and away that department goes.

And even if such a new function does require legislation, who’s going to think of asking whether it has any implications for the use of personal data from the NIR? After all, this is all in the Act, as passed by Parliament, and if their reaction to Blair’s email is anything to go by then none of the bastards noticed it, having been lulled into a false sense of security by Tony McNulty of all people!

Moving ahead slightly, s18 of the Act covers the specifics of using information from the NIR for the prevention and detection of crime:

18 Prevention and detection of crime

(1) The Secretary of State may, without the individual’s consent, provide a person with information recorded in an individual’s entry in the Register if-

(a) the provision of the information is authorised by this section; and

(b) there is compliance with any requirements imposed by or under section 21 in relation to the provision of the information.

The actual payload in this section is ferreted away in a paragraph under a bunch of guff about anti-terrorism legislation:

(4) The provision of information falling within paragraph 9 of Schedule 1 is authorised by this section if it is provided-

(a) to a person to whom information may be provided by virtue of any of subsections (3) to (5) of section 17 or is made as mentioned in subsection (2) of this section; and

(b) for purposes connected with the prevention or detection of serious crime.

Let’s clarify a few things first.

Schedule 1 actually sets out what information can be held on the NIR and the persons mentioned in subsections (3) to (5) of s17 are the police, HM R&C and other government departments.

And paragraph 9 of the schedule? Well what that covers is the NIR’s ‘Audit Trail’, i.e. the record of every occasion that the NIR is accessed in order to verify an individual’s identity, which amounts to:

(a) particulars of every occasion on which information contained in the individual’s entry has been provided to a person;

(b) particulars of every person to whom such information has been provided on such an occasion;

(c) other particulars, in relation to each such occasion, of the provision of the information.

Although not made explicit, one can safely bet that the particulars of ‘every person’ to whom information has been supplied will include the location of that person and the time of verification, and therefore your own location at that time.

This is the infamous ‘tracking system’ - make a credit purchase in Currys which requires you to provide your ID and the NIR logs your location, etc.

S19 and 20, I’ll skip over briefly.

S19 confers the power to automatically update records if anything is found to be in error or incomplete and facilitates data sharing, so if the info on your tax records is found to be out of date when compared to what’s held by the DVLA, then everything can be brought up to date without you knowing about it, while S20 is a catch all allowing the government to tack on new authorised users subject to secondary legislation.

And that brings us to S21, which completes the deal:

21 Rules for providing information without individual’s consent

(1) Under sections 17 to 20 the Secretary of State may provide a person with information within paragraph 2 of Schedule 1 only if he is satisfied that it would not have been reasonably practicable for the person to whom the information is provided to have obtained the information by other means.

You got that? Paragraph 2 of the schedule covers the following:

(a) a photograph of his head and shoulders (showing the features of the face);

(b) his signature;

(c) his fingerprints;

(d) other biometric information about him.

So any of the agencies specified in s17 can be provided with any of the biometric information in the NIR just as long as it’s for any of the purposes specified in that section - which includes prevention and detection of crime - but only if it would not be ‘reasonably practicable’ to get it by other means.

So when it comes to fingerprints, it would only be ‘reasonably practicable’ for the police to get that information if it’s already in the police’s own system - and if it isn’t they can get it out of the NIR anyway.

This is all already in the Act as it was passed by Parliament, and while the rest of s21 covers all the different circumstances in which the government may regulate how this information is passed on, by statutory instrument, the core principle - that certain agencies have near free rein to mine the NIR for information for certain specified purposes - is already clearly established. All that’s up for debate is how such access is granted, not whether it’s granted in the first place, and about the most that could be done to stymie this would be for the opposition to throw in an amendment requiring a warrant issued by a court to authorise a police ‘fishing expedition’…

…All assuming that further regulations are necessary to facilitate the specifics of police access to NIR, as it could well be argued by the government that this is already covered in other legislation - such as PACE.

This is all there in the legislation that was put to parliament and approved, and yet both the Lib Dems and the Tories are now acting surprised when it turns out that one of the main functions of the NIR is going to be for it to serve as a full population, master fingerprint database for the police - just exactly what the fuck are we (the taxpayer) paying these wankers for when they go and miss something as fucking obvious as this when it’s put right in front of them?

Just exactly what kind of fucking morons have we got in parliament that they fail to ask even basic questions when the whole thing is laid out before them and all on nothing more substantial than a one-line ‘assurance’ from a mendacious twat like McNulty?

Let’s not forget here that the only reason that this Act passed was because Cameron allowed himself to be ‘Sir Humphrey’d’ in the House of Lords over the question of whether ID cards should be issued alongside passports right from the off and put out the whips to ensure that a compromise clause went through - and then they claim to have completely missed something like this?

Talk about a complete bunch of morons, or what!


And this week’s contender for dumb ass idea of the year is…

Plan to list paedophile web names

Sex offenders could be forced to register their e-mail addresses and chatroom names, the government says.

Home Secretary John Reid said he may make paedophiles put online identity details on the Sex Offenders Register.

Okay, you don’t have to be a genius to spot the obvious problem here - a ‘clean’ anonymous webmail address can be set up in a matter of a couple of minutes, and a new ‘chatroom name’ can be set up in a matter of seconds - so it’s all very well making that kind of thing subject to stiff penalties if sex offenders change their online IDs but you’ve still got to connect them to their ‘clean’ ID in the first place…

…but then it gets worse… much worse.

Mechanisms would be set up to “flag up” approaches by them to sites popular among youngsters, he told the BBC.

WTF?

Email addresses are, at least, nominally unique in the sense that unless a webmail service recycles disused accounts after they’re closed, each individual address can be created only once - if drdemento@freeanonymouswebmail already exists then someone cannot register that exact name again.

BUT…

User names for chat-rooms, public forums and bulletin boards are anything but unique and can often be made up and changed on the spot. Some online systems do rule out the creation of duplicate user names, and some don’t.

Further to that some systems require registration details to be validated by an exchange of e-mails - the system sends an email to the address supplied by the user, who must then click on a response link to confirm their registration and validate their email address as being a real one…

…and some systems don’t - in fact there are even anonymity services that provide one shot disposable e-mail addresses for site registrations, addresses that exist only for long enough to establish a user name and password, before disappearing forever into the electronic ‘aether’, systems that were created to bypass demands for personal information from websites, and which are used by people who simply don’t like feeding the gaping maw of online marketers.

I’ve used these systems myself, on occasions, in order to download trial/demo software for evaluation in order to avoid the ensuing stream of e-mails (and sometimes phone calls) from eager sales reps trying to sell me a product that I only really wanted to look at out of sheer curiosity or which does something for which I only have a one-off use - I’ve lost count of the times I’ve downloaded a fully functioning but time limited piece of trial software because it does something I need at that specific time, only to never use it again (and usually get rid of it straight away) because whatever I needed to do is just not something that will crop up again.

And let’s be clear here - what is being proposed here when Reid talks about ‘mechanisms’ that ‘flag up approaches’ to sites ‘popular with children’ is the routine monitoring and checking of user names, by these sites, against a ‘blacklist’ of usernames listed on the sex offenders’ register together with the automated reporting of any users of blacklisted names to the police.

The latest proposal means their online identities would be treated in exactly the same way as their real name, a Home Office spokesman said.

“The home secretary also wants to look at whether it is technologically feasible to set up a system where if someone enters a chatroom with an identity that was already listed on the register, it would ‘ping’ an alert on the relevant people’s computers, enabling them to take appropriate action,” he added.

Failure to divulge all the information required could lead to a jail term of up to five years.

Which would, perhaps, be fine if online user names were, indeed, unique - which they’re not.

The drawbacks to this proposed system lie not just in the ease with which paedophiles might circumvent the system, but also in the potential for the system to throw up ‘false positives’, flagging up and reporting entirely innocent internet users for having the misfortune to have decided to adopt a user name that has previously been used and registered by a known sex offender. It could even be their usual user name, one they’ve used elsewhere on the net for years, as there is nothing whatsoever to stop this being ‘duplicated’ by a sex offender as long as they don’t visit the same websites.

It’s also worth noting that throughout the entire article, the BBC report refers to ‘sex offenders’ in a generic manner, when the proposals, themselves, are specific to tackling concerns about paedophiles.

Many, if not most, registered sex offenders are not paedophiles and present no danger whatsoever to children - in fact it’s perfectly possible for a registered sex offender, with no history of offences against children, to be visiting a chatroom or forum aimed at children for perfectly legitimate reasons - they could easily be the parent of a child who uses the forum and, like many diligent parents, be logging on to the chatroom/forum simply to keep an eye on what their child is up to.

The entire proposal is a complete shambles and clearly put forward by people who haven’t got the first fucking clue how the internet really works.

From a couple of events over the weekend it seems that one of Guido’s hangers-on has sunk to a new fucking low.

Here’s the story.

On Saturday - a comment was posted here that ‘appeared’ to have come from Rachel North but which actually linked, instead, to a spoofed blogger site full of uberChristian fundie crap, the url for which was ‘rachAelnorthlondon.blogspot.com’.

That site has now, unsurprisingly, vanished into the electronic aether - but more on that in a moment.

My response to this, as ever, was to put out an alert that ID’d the spammer, including their IP address, to ensure that they didn’t succeed in leeching hits off the back of both spamming blogs and climbing on the back of Rachel’s excellent reputation.

I also e-mailed Rachel - just in case the fake url turned out to be nothing more than a typo - and posted an update to the effect that the IP address cited should be taken under advisement until Rachel had replied to me, after receiving two further comments about the spam comment - both of which were picked up by Spam Karma, both came from obviously spoofed IP addresses and both claimed that the spam comment had used Rachel’s real IP address.

Later on Saturday, a reply came in from Rachel, indicating that she was visiting family over the weekend and hadn’t posted here.

At this point I was harbouring a particular suspicion, the nature of which will become clear in a moment, but on the information I had at the time, I had to go with the alert and leave the IP address in situ - as Rachel was away from home, she couldn’t confirm whether the IP address cited belonged to her or not and without that confirmation the call was between the possibility of other bloggers getting hit with the same spam or going with the IP address I had in the knowledge that if it did turn out to be Rachel’s it could be quickly removed and a correction posted.

Today - a number of things have happened. Rachel has posted a comment here and between that comment and a private e-mail conversation it’s been established that the scabby cunt who posted the comment on Saturday did use an IP spoofing tool to make it appear that the comment had been posted by Rachel.

What they obviously didn’t count on, was that I’d check things out with Rachel by e-mail and keep her apprised of developments.

A few quick checks also demonstrated that not only has the spoof blogger site miraculously vanished into thin air, but also that it wasn’t around long enough for Google to either cache or index the site. In other words, it had been specifically set up to try and pull off this spoofing stunt.

NOW, what does this tell us?

First, whoever the cunt behind this is, they’re packing a reasonable amount of technical knowledge - enough to know what an IP spoofer is, where to get one and how to use it.

Second, whoever it was knows Rachel’s real IP address… and that’s not the easiest piece of information to come by unless the scumbag in question is a blogger or has been fed the information by a blogger, one on whose website Rachel has previously posted a comment, which would leave behind a record of her IP address in the blog’s stats.

In other words, this is ‘one of our own’ trying to pull off this skanky piece of fuckery, and given the events of this week and the fact that the only real common ground between myself and Rachel of late is that we’ve both, to very different degrees, come down on Tim Ireland’s side in his spat with Guido and his sock puppets, this is a clear indication that the cunt behind all this is in some way connected with Guido - probably not Guido himself, as if he’s having to appeal for help in tarting up the HTML on his site then it’s unlikely he has the technical nous to pull off a spoofing attack, but almost certainly one of his personal coterie of sock puppets, intellectual malingerers and general hangers on.

Now, where does this take us?

Well, from a personal standpoint, if one of Guido’s sock puppets wants to play tech wars with me, then bring it on, fuckwit.

I’m no novice at this game, nor is ‘Unity’ the only online name I’ve ever run by; it’s the one I’ve stuck with for a good few years and represents what could be called my ‘white hat’ persona - there’s also a ‘black hat’ persona of mine that’s been in ‘retirement’ for quite some time and if needs be I’ve no problem with them making a comeback, if this shit carries on.

(If all that means nothing to you, btw, don’t worry about it - you don’t need to know, but any techies out there will know what I’m talking about and what I mean).

No, what really fucks me off here is that this particular cunt chose to drag Rachel into it, and Rachel, by her own admission, is a long way from being a techie.

That, in no uncertain terms, is completely fucking out of order and the behaviour of a little cunt of a script-kiddie, not a genuine techie or even a halfway decent ‘netizen’.

It’s not unknown, on occasions, for a couple of techies to go at it and to make full use of their technical knowledge in the process, but even these rare confrontations have their unspoken rules, one of which is that you leave the non-techs out of it - call it ‘honour amongst thieves’ if you like but unless you’re a complete and utter cunt, you don’t use your superior technical knowledge to fuck over newbies, no matter who they are or how much you might think they’re asking for it.

This is where Paul Linford has made the wrong call in thinking that the ‘split’ over Tim’s spat with Guido is simply a matter of people dividing down political lines - it isn’t, because if Tim had made the wrong call and was out of order in taking a shot at Guido, I’d be amongst the first to tell him, and tell him up front.

This isn’t about politics, it’s about basic standards of behaviour and what’s long been called netiquette. Tim’s standing up for that, Guido couldn’t give a fuck and at least one of his shithead hangers on wouldn’t know what it was if you engraved the word into a baseball bat and fucked them round the head with it until you could read it in the welts on their forehead.

So, to make it absolutely clear, I’ve removed Rachel’s IP address from my post about the spammer - and if you did add it to your blog’s spam blacklist, then please remove it… and if you’ve added it and then forgotten what it is then email me at talkpoliticsukATgmailDOTcom and I’ll refresh your memory.

Beyond that, all I’m going to do is ask that you reflect on the information I’ve laid out above and what that has to say both about what Tim’s been doing in calling out Guido, and what it says about the character of at least one of his scutters, the cunt behind this spoofing attack.

Let’s be honest here. I think most of us know Rachel from her blog, know what she’s been through and especially how she’s one of those bloggers whose writing brings real credit to the British blogosphere - so even if someone does want to take a shot at me, what possible fucking justification can they have for trying to bring her into it and stitch her up at the same fucking time?

Absolutely fucking none - so just ask yourself just exactly what kind of scumbag cunt would even try.


A bit of light relief before going back to more important matters.

I’ve received two emails in the last 24 hours, that must amount to the worst phishing attempt in history.

Prezado cliente, address omitted ,seu e-mail está expirando. Você tem o prazo de (48 horas) para efetuar o procedimento de recadastramento. Caso não seja realizado esse procedimento, seu E-mail será automaticamente cancelado.
Para sua maior comodidade lhe damos o direito de escolher se irá reativar ou cancelar o seu endereço virtual.

Siga as instruções abaixo.

Recadastrar E-Mail
O recadastramento será efetuado na ativação do seu SMTP.
Para fazer a reativação do seu E-mail basta click no link abaixo.

Recastramento do E-mail ( address omitted )

Cancelar E-Mail
Caso queria cancelar essa conta será necessário desativar o SMTP ou esperar 48horas para o cancelamento automatico.
Para fazer o cancelamento do seu E-mail basta click no link abaixo.

Cancelamento do E-mail ( address omitted )

Now you should be able to spot the obvious problem with this email - it’s in Portuguese - well the Brazilian variant of Portuguese, which is a bit of a non-starter.

What the email, from grupoarroba@email.com, is trying to tell me is that my Gmail account is about to expire and that unless I click their link and give them my password, it’ll stop working in the next 48 hours.

Now being wise in the ways of phishing I’d ignore this anyway, but what makes this attempt rather amusing is that the sender has not even gone to the effort of trying to make the e-mail look as if it’s actually come from Google even though the email box to which it was sent and which it claims will expire is a Gmail account - no logo, not even a fake Google e-mail address.

In short, they might as well have sent an email that read ‘send us your password, you thick bastard’ and achieved much the same effect.

Damn, even the phishers are getting dumber by the minute.
