Public Service Card - ID card by stealth?

AndrewJRenko

Deleted User wrote: »

That hadn’t occurred to me but wouldn’t it be a great idea. Then they’d know straight away if you had a medical card or not.

Or you could just, you know, show them your medical card - the card designed for use in hospitals, with legislation around how it is issued/used in hospitals, as opposed to a card NOT designed for use in hospitals and with no legislation about how it is used in hospitals?

TheChizler

[Deleted User] wrote: »

That hadn’t occurred to me but wouldn’t it be a great idea. Then they’d know straight away if you had a medical card or not.

Makes sense considering they've integrated the free travel card. One card for accessing all public services. Remove all the redundancy.

I love Sean nos

TheChizler wrote: »

Makes sense considering they've integrated the free travel card. One card for accessing all public services. Remove all the redundancy.

Introduce a single point of failure? Sounds great.

Turnipman

AndrewJRenko wrote: »

Wouldn't it be better to have a sound legal basis for Government requiring a Social Welfare card to get a driving licence?

Not really.

TheChizler

I love Sean nos wrote: »

Introduce a single point of failure? Sounds great.

Obviously you'd need to have a fast track replacement service in place, maybe have a spare, but even all that would be much more efficient than the current system.

AndrewJRenko

Turnipman wrote: »

Not really.

Just so I understand you correctly, you think it's a good idea for Government to widen a scheme like this, without having any policy discussion beforehand and without having legislation in place? You do know that not having legislation in place is what leads to the Government losing legal cases in Court down the line?

TheChizler wrote: »

Makes sense considering they've integrated the free travel card. One card for accessing all public services. Remove all the redundancy.

If that's where were going, we need to have a proper policy debate on this, including broad consultation, and we need to have legislation in place. We have neither of those at present.

CeilingFly

I love Sean nos wrote: »

PAYE worker here and yes I have a concern with the State spending €61m on a scheme without a coherent reason for doing so.

Has nothing been learned from the voting machines nonsense?

There was nothing inherently wrong with the evoting machines.
They were trialled and very successful.

Only when the media realised that election results would be verified in less than a couple of hours and thus preventing up.to a week of counts and recounrs and huge attention on the media outlets, did the media wage a war against them.

To date, no-one has shown anything wrong with them - the hacking claim was dismissed as the machines were not connected to web.

relax carry on

Applied for myself online so I could use the mygovid service. It was simple. 5 minutes and done.

http://www.per.gov.ie/en/government-launches-mygovid-a-safe-secure-online-identity-for-government-services-in-ireland/

swampgas

CeilingFly wrote: »

There was nothing inherently wrong with the evoting machines.
They were trialled and very successful.

Only when the media realised that election results would be verified in less than a couple of hours and thus preventing up.to a week of counts and recounrs and huge attention on the media outlets, did the media wage a war against them.

To date, no-one has shown anything wrong with them - the hacking claim was dismissed as the machines were not connected to web.

They may not be as secure as you think. I work in IT Security and I'm much happier with the current paper based system.

Bruce Schneier is a highly respected security researcher and author, he has written a number of pieces on e-voting:

https://www.schneier.com/essays/archives/2004/11/whats_wrong_with_ele.html
https://www.schneier.com/blog/archives/2017/08/voting_machine_.html
https://www.schneier.com/blog/archives/2016/08/hacking_the_vot.html

AndrewJRenko

CeilingFly wrote: »

There was nothing inherently wrong with the evoting machines.
They were trialled and very successful.

How do you know they were successful? How do you know that the votes entered on screen were the votes totalled and reported?

How do you explain the 1000+ 'missing' votes in one of the trials in Dublin?

Did you read the many submissions, more than 100 iirc, to the Commission for Electronic Voting, including the submission from the very conservative Irish Computer Society? I'm just wondering how much research you did to inform your position.

I love Sean nos

AndrewJRenko wrote: »

You do know that not having legislation in place is what leads to the Government losing legal cases in Court down the line?

That's exactly what they're running scared of. They gave that woman back her pension, the DPC is beginning an investigation and now they're spending €200k on being warm and fluffy.

Sam Russell

CeilingFly wrote: »

There was nothing inherently wrong with the evoting machines.
They were trialled and very successful.

Only when the media realised that election results would be verified in less than a couple of hours and thus preventing up.to a week of counts and recounrs and huge attention on the media outlets, did the media wage a war against them.

To date, no-one has shown anything wrong with them - the hacking claim was dismissed as the machines were not connected to web.

This might be off topic, but the problem with the eVoting machines centered on the fact that the hardware was owned by the Gov and was already obsolete before purchase and the software was owned by a Dutch company who had little knowledge of the particular version of STV that we used.

Furthermore, there was no audit trail from vote cast to count. It was all magic, and instant and unverifiable in the event of a dispute. Computer says NO.

What we needed was a eCounting system that could use a mark/sense system similar to the Lotto cards. In the event of a problem, they could be counted by hand. Essentially machine readable voting sheets.

These PSC are going down a similar road, with hidden data on the card that is not encrypted and can be abused by unscrupulous people.

Legislation and a decent method of security is required. Why is hidden data needed on the card? Surely it should all be on a secure data base.

Seth Brundle

Sam Russell wrote: »

Why is hidden data needed on the card? Surely it should all be on a secure data base.

In IT there is no such thing as secure.
You can go to expensive lengths to protect a network but a determined person or group will manage to find a way in especially when someone somewhere will undoubtedly leave a username and password on a post-it on their desk!

flaneur

The advantage of the current paper system is that it’s done by a very visible and verifiable process in full public view and every step is verified by people looking on.

In a computerized voting system, only people with very high level of software skills could verify it and only if they had full access to the code.

Personally, I can’t see the massive rush in getting the result. It’s an important part of our democracy and it deserves a bit of time and effort put into it.

AndrewJRenko

flaneur wrote: »

In a computerized voting system, only people with very high level of software skills could verify it and only if they had full access to the code.

Even with access to the code, the question remains about how you ensure that the code that you had access to and verified is the code actually running on each of the 7,000 voting machines on election day.

flaneur

Well we’re going way OT but, I think the test should be that a voting system is verifiable and transparent to any citizen, without having specialist skills or knowledge.

Sam Russell

Well, eVoting was sprung on the Irish voters as a vanity project that was ill thought out and ill executed.

The same could be said of the putative ID card that is being introduced as the PSC. No legislation, no plan, no consultation, no budget - just another hair brained ill thought out vanity project to transfer public money into private pockets.

We now have the CC driving licence, the CC passport (which is an addition to the standard passport), and now the CC PSC, the CC medical card, the CC EHIC. My wallet is bursting with all these CCs when I add my credit cards, debit cards, loyalty cards, health insurance card, and some more I do not know what they are for.

Do we need all of these?

I love Sean nos

Sam Russell wrote: »

Well, eVoting was sprung on the Irish voters as a vanity project that was ill thought out and ill executed.

The same could be said of the putative ID card that is being introduced as the PSC. No legislation, no plan, no consultation, no budget - just another hair brained ill thought out vanity project to transfer public money into private pockets.

We now have the CC driving licence, the CC passport (which is an addition to the standard passport), and now the CC PSC, the CC medical card, the CC EHIC. My wallet is bursting with all these CCs when I add my credit cards, debit cards, loyalty cards, health insurance card, and some more I do not know what they are for.

Do we need all of these?

I've also heard that there's a payment that has to made if they haven't deployed 3m of them by a certain date.

M3 anyone?

RustyNut

flaneur wrote: »

Well we’re going way OT but, I think the test should be that a voting system is verifiable and transparent to any citizen, without having specialist skills or knowledge.

The same could be said of these PS cards. After proper discussion and legislation is introduced to regulate the cards, people should have a way to check exactly what information is stored on the card and the accuracy or not of it, who has accessed that information and why. Transparency.

I love Sean nos

RustyNut wrote: »

The same could be said of these PS cards. After proper discussion and legislation is introduced to regulate the cards, people should have a way to check exactly what information is stored on the card and the accuracy or not of it, who has accessed that information and why. Transparency.

Have a read of this. It's the government's first attempt at such an explanation and it's rubbish.

Turnipman

AndrewJRenko wrote: »

Just so I understand you correctly, you think it's a good idea for Government to widen a scheme like this, without having any policy discussion beforehand and without having legislation in place? You do know that not having legislation in place is what leads to the Government losing legal cases in Court down the line?

You are free to interpret my reply in any way that you wish. Far be it from me to restrict your imagination or creative talents.

I love Sean nos

Turnipman wrote: »

You are free to interpret my reply in any way that you wish. Far be it from me to restrict your imagination or creative talents.

Okay. :rolleyes:

AndrewJRenko

Turnipman wrote: »

You are free to interpret my reply in any way that you wish. Far be it from me to restrict your imagination or creative talents.

Nice evasion.

Seth Brundle

kbannon wrote: »

In IT there is no such thing as secure.
You can go to expensive lengths to protect a network but a determined person or group will manage to find a way in especially when someone somewhere will undoubtedly leave a username and password on a post-it on their desk!

Quoting myself but it's relevant...

Security flaw forces Estonia ID 'lockdown'

recedite

kbannon wrote: »

Quoting myself but it's relevant...

Security flaw forces Estonia ID 'lockdown'

Is that really a problem though? Presumably you would have to hand the card to somebody before they could copy the info.
In the same way, if your driving licence or passport fell into the wrong hands, there would be identity info available there for "identity theft"

RustyNut wrote: »

The same could be said of these PS cards. After proper discussion and legislation is introduced to regulate the cards, people should have a way to check exactly what information is stored on the card and the accuracy or not of it, who has accessed that information and why. Transparency.

This seems to be the opposite point of view; the data encryption would have to be weak or absent if the owner is allowed to see it. Personally, I'd be more in favour of this approach.
There shouln't be anything too confidential on it anyway. But the only way you can be sure of that is if you can access it yourself, with some kind of commonly available card reader.

antoinolachtnai

recedite wrote: »

Is that really a problem though? Presumably you would have to hand the card to somebody before they could copy the info.
In the same way, if your driving licence or passport fell into the wrong hands, there would be identity info available there for "identity theft"

No, there is no need for the Estonian card to be in someone's possession for the keys to be compromised and the card used for identity theft.

This seems to be the opposite point of view; the data encryption would have to be weak or absent if the owner is allowed to see it. Personally, I'd be more in favour of this approach.
There shouln't be anything too confidential on it anyway. But the only way you can be sure of that is if you can access it yourself, with some kind of commonly available card reader.

You are in fact entitled to know what data is on the card. (s 263(2) of the Social Welfare Consolidation Act 2005). However, as a matter of course the Department does not appear to be too bothered about honouring such requests.

There is a fairly bizarre and intrusive set of information stored on the card. It is really a hodgepodge with no particular sense to it. It is described in the amended s 263 (1) - see http://www.irishstatutebook.ie/eli/2010/act/37/section/9/enacted/en/html This list throws up all sorts of problematic cases. For example, adopted persons and persons who are in witness protection may be in a difficult position.

It is in some sort of encrypted format. The problem is that no one (possibly not even the Department itself) knows what the encryption is or how it works. (The Data Protection Commissioner asked the Department to disclose details of the security features of the card, but the Department refused to do so. )

The problem is that introducing what seem like 'obvious' features like allowing the punter to have easy access to his own details on the card can turn out to be cryptographically complex to do, without leaving the card open to be accessed by anybody. It can be done, but it requires thought and planning.

The 'smart' features of the card are not being used at all as far as I know (apart from the contactless transport features on certain cards which are really a completely separate subsystem). The most likely reason for this is that they are totally impractical. Massive investment has been made in the smart card and cryptographic features, and they are basically completely unused.

The whole thing is a mess with no plan.

recedite

antoinolachtnai wrote: »

No, there is no need for the Estonian card to be in someone's possession for the keys to be compromised and the card used for identity theft.

How is that, is it some sort of RFID similar to a dog's microchip or a contactless payment card?

If that is the case, then I don't see why they would use this technology as I see no benefit in the circumstances, and it only compromises security.

antoinolachtnai wrote: »

There is a fairly bizarre and intrusive set of information stored on the card. It is really a hodgepodge with no particular sense to it. It is described in the amended s 263 (1) - see http://www.irishstatutebook.ie/eli/2010/act/37/section/9/enacted/en/html This list throws up all sorts of problematic cases.

If it was just an ID card with some basic biometric info on the person, that would be fine. But if the person is a carrying around a whole file on themselves, containing various bits of info that the state has accumulated over time, that seems pointless and dangerous.

antoinolachtnai wrote: »

The problem is that introducing what seem like 'obvious' features like allowing the punter to have easy access to his own details on the card can turn out to be cryptographically complex to do, without leaving the card open to be accessed by anybody. It can be done, but it requires thought and planning.

This is the dilemma. If you make it easy for the cardholder to see what info is on it, then you also make it easier for others to see. The solution IMO is for the card to contain only the basic physical ID info relating to the cardholder, which makes it fit for purpose, but not of much interest to anyone else.

antoinolachtnai

The Estonian card is really designed as a cryptographic device to identify a person as definitively as possible online. This is really the whole point of it. This makes a lot of sense. So many government services are delivered or administered without the citizen being physically present.

No one really knows if the Irish card has the same functionality. There seems to be a lot of confusion. The deeply flawed MyGovID is being used to do much the same thing. Developing MyGovID seems to have been an afterthought.

The issue here isn't really the card in particular. It's the whole system. In many ways it is the central database and how it is being mismanaged that is the problem as much as the card.

You can see the symptoms of this mismanagement with the current adoption mess.

recedite

antoinolachtnai wrote: »

The Estonian card is really designed as a cryptographic device to identify a person as definitively as possible online. This is really the whole point of it. This makes a lot of sense. So many government services are delivered or administered without the citizen being physically present.

OK that makes it a bit clearer, but really they could have avoided the problem by keeping the card and the online account separate.
Look at the way the banks do it. I have online banking, but I don't use my debit card when accessing it.

The way for Irish social welfare to get around this problem is to have a highly encrypted web access, similar to the revenue's ROS service. Then only require user identification once, when they first start using it. Social Welfare could easily do this by requiring people to physically come into the office with their ID cards the first time they login to their account, and thereafter use a a combination of user passwords, verified email addresses and digital certificates downloaded onto the users PC/laptop/smartphone or whatever device they are using.

The card itself only needs to verify a person's ID when they present themselves in person, nothing else.

antoinolachtnai

Well, now we are talking about solutions, but:

- Estonia is trying to have a secure identity solution. That entails secure cryptography. They aren't just providing an 'online account'. It is something much more significant than that. Some banks in Ireland do indeed require you to use your debit card, because of the extra cryptographic protection this provides.

- PSC/mygovid is not a Departmental solution for Welfare. It is not even driven by the social protection department. The approach you describe might work for one department, but it is not really what you need for something that works in a wide variety of contexts for a variety of different organisations. This is what PSC/mygovid is trying to do (badly). I am not sure what you are proposing (loading certs on computers and phones in intreo offices) would be a very practical thing to do in any case.

recedite

After presenting themselves at the govt. office once, and verifying their ID, the person would be given a temporary password which would enable them to download the digital certificate then, or later when they got home. At which point they would put in their own password

Thereafter the online account could only be accessed by somebody using that device and with that password.

The card itself is a separate issue. But as you pointed out, the purpose of the current card is not clearly defined. That is its main weakness.

quickdraw2

The card system is completely broken

"In public key cryptography, a fundamental property is that public keys really are public—you can give them to anyone without any impact in security," said Graham Steel, CEO of Cryptosense, which makes software for testing encryption security. "In this work, that property is completely broken." He continued:

Everywhere the Infineon cards are used they are at risk.

t means that if you have a document digitally signed with someone's private key, you can't prove it was really them who signed it. Or if you sent sensitive data encrypted under someone's public key, you can't be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.

Infineon have been covering up since Feb 2017

Irish authorities appear oblivious to the risk.

antoinolachtnai

It isn't really about the 'online account' or securing access to it.

Generating general purpose keys and downloading certs is a complex thing to do securely. There is a lot more to doing it well than the above. If you were going to issue the card, why would you not issue a card with cryptographic features?

The card has many other problems. For example, it is quite expensive but has no business case. The process for issuing it is not really robust. The original mag stripe card was a lot easier to provide a business case for, mainly because it was very cheap and did basically everything that actually needed doing.

The central National Biometric Database is also a very major concern indeed. It also has the problem you point out, of not being clearly defined. But no matter what way you define it, it is problematic either economically or from a proportionality/human rights/data protection point of view, or both.

recedite

antoinolachtnai wrote: »

If you were going to issue the card, why would you not issue a card with cryptographic features?

Fine, as long as the cardholder can still read it, and see what info is on it.

Step 1 is to admit this is a national ID card
Step 2 is to limit it to being just a national ID card, and not a mobile database containing unspecified confidential info about the cardholder.

antoinolachtnai

What is the point in putting any personal descriptive data on the card really? It is a legal requirement, however, and cannot be changed without primary legislation.

The zeroth step might be to accept that we have no need for a national ID card and no public support for such a thing.

By cryptographic features I mean the ability to encrypt and sign. Otherwise there is very little point in having spent so much money issuing such an expensive card.

If the cards the government have bought are broken, as seems likely, then they should just demand a refund on the whole lot.

recedite

antoinolachtnai wrote: »

The zeroth step

Is that the step before Step 1??
Also known as "putting the cart before the horse"
But seriously, most non-criminals have no objection to a basic national ID card. Especially if it increases the efficiency of the public service, which in turn can reduce taxes for working people.

antoinolachtnai wrote: »

By cryptographic features I mean the ability to encrypt and sign. Otherwise there is very little point in having spent so much money issuing such an expensive card.

If the cards the government have bought are broken, as seems likely, then they should just demand a refund on the whole lot.

Presumably the cardholder would also need to be issued with a cardreader then, which would generate a temporary security code to be entered into the website when accessing social services from the armchair.
I'm not sure that most punters would have the cop-on to work through all that successfully, or even if they did, that they would derive any real benefit from it.
Its a far cry from a basic ID card.

And just because the govt. spends a lot of money on something, it doesn't mean that they have bought something worth a lot of money.
Remember Eircodes? €38M for something not as good as loc8 codes, which were basically already there and available for free.

blanch152

antoinolachtnai wrote: »

The zeroth step might be to accept that we have no need for a national ID card

Why not? Every other decent Western democracy has one.

We don't know how bad our tax evasion and social welfare fraud problems are, but from anecdotal evidence, people can get away with such crimes for years on end. That suggests there is a large number of undetected cases out there.

antoinolachtnai wrote: »

and no public support for such a thing.

Which brings us to the public support thing. Much of the public opposition to the national identity card has come from the poverty industry lobby groups. Surprising? Not to me.

AndrewJRenko

blanch152 wrote: »

Why not? Every other decent Western democracy has one.

Really? So the UK and Denmark and Australia and Canada are not decent democracies? And for those that have ID cards, you do know that they are not compulsory in Austria, Sweden, Finland, right?

blanch152 wrote: »

We don't know how bad our tax evasion and social welfare fraud problems are, but from anecdotal evidence, people can get away with such crimes for years on end. That suggests there is a large number of undetected cases out there.

Except that anecdotal evidence is not evidence. It is anecdote, largely from curtain-twitching begrudgers who have no real idea about what is actually going on in that house across the road.

The current system has cost €60m and resulted in fraud savings of €2.5m.

And it doesn't require a national ID card to address welfare fraud. It requires a welfare card, which is what the PSC was supposed to be - but is now growing way beyond the original plan.

blanch152 wrote: »

Which brings us to the public support thing. Much of the public opposition to the national identity card has come from the poverty industry lobby groups. Surprising? Not to me.

Really? So Digital Rights Ireland are part of the poverty industry now?

recedite wrote: »

Is that the step before Step 1??
But seriously, most non-criminals have no objection to a basic national ID card.

Speak for yourself.

blanch152

AndrewJRenko wrote: »

Except that anecdotal evidence is not evidence. It is anecdote, largely from curtain-twitching begrudgers who have no real idea about what is actually going on in that house across the road.

The current system has cost €60m and resulted in fraud savings of €2.5m.

And it doesn't require a national ID card to address welfare fraud. It requires a welfare card, which is what the PSC was supposed to be - but is now growing way beyond the original plan.

But we need to go after those who are working in the black economy as well as those evading taxes. Unless you think that the fraud efforts should only be directed at welfare recipients?

AndrewJRenko

blanch152 wrote: »

But we need to go after those who are working in the black economy as well as those evading taxes. Unless you think that the fraud efforts should only be directed at welfare recipients?

We'd probably get a bigger return going after Mrs Browns Boys staff and crew and the others who are hiding their money offshore tbh.

Sam Russell

AndrewJRenko wrote: »

We'd probably get a bigger return going after Mrs Browns Boys staff and crew and the others who are hiding their money offshore tbh.

Actually, Apple is a low hanging fruit. We already have to take €13,000,000,000 off them, but have failed to do and appear reluctant to even try.

Mrs. Browns boys (and girl) are small potatoes. Bono, Denis O'Brien - both mentioned in Paradise.

AIB, a state owned bank was bending over backwards to assist in this type of enterprise (of avoiding taxes due to the state) while the same state was shovelling funds in through the front door. This is the same AIB bailed out over the Insurance Corporation of Ireland, and the same one that lost $750 million over a scandal with All First. They have a very bad record of poor corporate behaviour. That should include the DIRT scandal, but they have lots of them.

antoinolachtnai

Personation is just one type of tax fraud and social welfare fraud, and the only one the PSC makes any difference to.

It just isn’t a very significant category of fraud.

Brendan Bendar

antoinolachtnai wrote: »

Personation is just one type of tax fraud and social welfare fraud, and the only one the PSC makes any difference to.

It just isn’t a very significant category of fraud.

How do you know that.?

gizmo555

Brendan Bendar wrote: »

How do you know that.?

If you look, for example, at the DSP's own Jobseekers Allowance Fraud and Error survey for 2014, there is no direct reference to any cases of personation. The same goes for the 2016 survey on Fraud and Error in Pensions.

http://www.welfare.ie/en/Pages/Department-of-Social-Protection---Fraud-_-Error-Surveys.aspx

Still haven't seen an argument against public service or ID cards that didn't stink of red herring.

Same for allowing govt to share and use data.

Major cause of frustration and expense/inefficiency.

You'd wonder why there are always voices with endless arguments ready to hand against these initiatives.

gizmo555

Deleted User wrote: »

Still haven't seen an argument against public service or ID cards that didn't stink of red herring.

The argument isn't about the PSC, per se. There are pros and cons to ID cards.

The argument is about the pretence that it's not an ID card, the introduction of an ID card without a proper legislative debate and process, the denial of public services without any valid legal basis, and nonsense like the DSP's insistence that an Irish passport is not a valid form of ID, or the Minister's insistence that the PSC does not use biometric data when the cards are supplied by Biometric Card Services Ltd.

Brendan Bendar

gizmo555 wrote: »

If you look, for example, at the DSP's own Jobseekers Allowance Fraud and Error survey for 2014, there is no direct reference to any cases of personation. The same goes for the 2016 survey on Fraud and Error in Pensions.

http://www.welfare.ie/en/Pages/Department-of-Social-Protection---Fraud-_-Error-Surveys.aspx

Thanks for that, but I doubt if those in command put too much of an effort into combatting personation.

Like the black economy, very little convictions or cases taken for abuses.

We all know it’s rampant .

gizmo555

Brendan Bendar wrote: »

Thanks for that, but I doubt if those in command put too much of an effort into combatting personation.

I don't understand what you mean - isn't that the whole supposed point of the PSC?

gctest50

Are the cards prone to that infineon disaster ?

The flaw, tracked as CVE-2017-15361 and dubbed ROCA (Return of the Coppersmith Attack), allows an attacker who knows the public key to obtain the private RSA key. Depending on what the product is used for, an attacker can use the compromised private key to impersonate legitimate users

Estonia stopped 760,000 cards

AndrewJRenko

Deleted User wrote: »

Still haven't seen an argument against public service or ID cards that didn't stink of red herring.

Same for allowing govt to share and use data.

Major cause of frustration and expense/inefficiency.

You'd wonder why there are always voices with endless arguments ready to hand against these initiatives.

So tell me then, why do we need national ID cards, given that most people already have passport or driving licence? What value are we getting from this €60m project?