ID cards

Belfast · 24-11-2003 12:04am #1

Should Ireland have compulsory ID cards to be carried at all times?

mr_angry · 24-11-2003 12:12am

I was about to vote yes, but then I saw the "safeguards" option. Any such system should have appropriate safeguards. But, yes, I think we should all have ID cards.

ixoy · 24-11-2003 2:52am

Voted "yes" but would actuallly have voted for "only if there are strong safe guards" instead. It's good in principle but needs to be secure. I don't really think there's any justifiable liberty reasons not to implement them and there's some good reasons FOR them.

dahamsta · 24-11-2003 8:57am

When I vote safeguards, I'm talking about safeguards in law, with very large financial and incarceration penalties. I don't want some tosser like McDowell making these decisions, I want it written down in excruciating detail. Oh, and the safeguards should include extremely strict rules about information sharing with other countries, particularly the United States. And none of your sekrit "intelligence" agency agreements either.

Maybe I should have just voted "no"...

adam

oscarBravo · 24-11-2003 11:08am

Senior moment.

I know it's a typo, but when I saw "strong safe guards" in the poll, I found myself wondering: what do the physical strength and security of the police have to do with anything?

When I figured it out, I voted for safeguards. Not that I hold out much hope for this country to do things properly: witness the e-voting debacle.

Syth · 24-11-2003 11:43am

What actually are the main benefits? I can't really think of many cases when I've needed to carry identification with me, so what's the point of makeing it compulsary?

Sleipnir · 24-11-2003 11:50am

Originally posted by Syth
What actually are the main benefits? I can't really think of many cases when I've needed to carry identification with me, so what's the point of makeing it compulsary?

It's not really for you, the law-abiding citizen.
It's for knackers.
They should also have the owners fingerprints on them. Very un-transferable.

SCULLY · 24-11-2003 2:53pm

Originally posted by Kananga
It's not really for you, the law-abiding citizen.
It's for knackers.
They should also have the owners fingerprints on them. Very un-transferable.

lol! Don't know if it's meant to be funny but it is!:D

Compulsory ID cards - you'll have everyone on the boards moaning about civil liberties, but on the surface, seems like a good idea to me!!

SCULLY · 24-11-2003 2:56pm

Just had a look back at the vote :
What does option 3 have to do with anything?

henbane · 24-11-2003 3:01pm

Originally posted by Kananga
It's not really for you, the law-abiding citizen.
It's for knackers.
They should also have the owners fingerprints on them. Very un-transferable.

There is a good argument for compulsory ID cards but that kind of argument is a great one against it. Laws designed "for knackers" are great when you don't think you're a knacker but if a cop decides you are a knacker, you aren't going to be very happy with it.

As for fingerprints, biometrics etc..., why should any of this be any more secure... if you can fake a card without this information, the same is doable with a card with this information unless the people checking these ids have some very expensive equipment and are connected to a big central database which contradicts what your card says.

Imposter · 24-11-2003 3:18pm

Originally posted by SCULLY
Just had a look back at the vote :
What does option 3 have to do with anything?

I presume option 3 has something ot do with the fact that travel between Ireland and the UK is still possible without a passport. I read something a while ago (possibly on BBC site) about how it would weaken immigration control which would be based on the id.

I'd be in favour of it when proper safeguards on data sharing would be implemented and a Garda Ombudsman was in place.

dahamsta · 24-11-2003 4:08pm

Syth, there's lots of reasons, most of them tying into things like security, authentication, accountability. It's about being able to properly identify everyone. However the thread-starter missed out an important aspect of the proposed British system, biometrics. If they mean just regular ID, then I don't see the point.

SCULLY, the thread-starter is likely alluding to the suggestion that Britain will try to force mandatory biometric identification on Ireland if they go ahead with it themselves. The chances of Gov.ie not bowing to pressure on this are slim and none, so the Irish will have to involve themselves in British campaigns if they don't want it.

The main issue with mandatory id is, as has been said, data sharing. Data is worth a lot these days, not just to government and security agencies, but also to business. If the government allows a national id to be used to other purposes - mobile contracts, bank loans, etc - it gets abused like social security identifiers in the US.

The difference being that social security id's can be stolen and spoofed very, very easily. Biometric ID will be locked in, so there's an enormous risk of widespread profiling. Can't get a loan? Never get a loan. Style of fing.

adam

LFCFan · 25-11-2003 11:32am

in many years to come when everywhere is one big wireless hotspot then it will be easy enough for everywhere to have a machine to either scan an ID card or for people to use their thumb print to identify themselves as data will be easily accessed through the airwaves. I know it all sounds very Back to the Future 2y but it'll probably happen. ID Cards right now are a good idea but unenforcable and unworkable and there are too many risks to personal freedom if the cards are easily duplicated. Finger print, retina identification on the other hand is foolproof, unless of course you've access to a nuclear warhead. Then someone might go to the trouble of using plastic surgery, false eyes and false thumbprints. Of course then we have James Bond to solve the problem :rolleyes:

Sparks · 25-11-2003 2:21pm

No. Until I actually commit a crime, I won't accept being treated like a criminal. And being forced to carry identity papers with me at all times is just that. Why not tattoo everyone with their identity barcode? It does everything a mandatory identity card does and it's harder to steal - so why not? Because people wouldn't stand for the idea of being tattooed with serial numbers, for good reason. Mandatory ID cards are pretty much the same thing, except that you can be pickpocketed and the thief can now carry out an act of identity theft in one simple movement of his or her hand.

BTW, what specific problem are identity cards going to solve on their own?

Belfast · 25-11-2003 3:30pm

The ID card can call all useful information
Health or lack of
Criminal record or lack of
Single in number the same number can be used for you passport, task number bank account
This single number must be given to anyone who you are buy or selling goods to (this makes all cash transaction in the economy over €20 traceable and taxable)
The card can also be used when you drive a car. If all cards have a GPS navigation system all car travel can be monitored and people automatically fined for bad driving, speed or parking. This can be used to assess people risk when it comes to car insurance.
Information for the id system can be used to decide what roads are needed or not.
If this was also linked in to mobile phone the Gardaí could keep tabs on all of us.
The idea of barcodes tattoo on people is a bad idea. A computer chip under the skin would work much better. In this way the Gardaí could scan us remotely with having to stop us to ask to see our papers.
1. Then benefits are improved access to vital heath information
2. Better control of crime
3. Reduced tax evasion and welfare fraud
4. Fairer car insurance
5. No more missing person (the Gardaí known where we are all the time)
6. Better planed transport and housing system.
7. Simplify dealing with Bank welfare or other system that require id.
8. Control immigration better

Sleipnir · 25-11-2003 3:38pm

Originally posted by Sparks
No. Until I actually commit a crime, I won't accept being treated like a criminal. And being forced to carry identity papers with me at all times is just that.

You have to have your driver's license at all times when driving. Doesn't make you a criminal. But if you do break the law, the Gardai can confirm you are who you say you are.
National ID card would be the same thing. If you commit a crime, the gardai can confirm your identity.

With regards pickpockets, there would obviously have to be safeguards so that a thief cannot steal your identity such as encrypted information on a chip in the card.

Sparks · 25-11-2003 3:42pm

Belfast, one question - if all your identity verification data is in one single place, be it card, chip or barcode tattoo on your forearm, why do you think Identity Theft (currently the fastest growing crime in the UK and Ireland) would not become worse by several orders of magnitude?

And why should we bother? This is like pushing people to recycle and providing bring points and so on, without taking care of the backend - the actual recycling infrastructure.

It is, in other words, a bad idea.

Imposter · 25-11-2003 3:45pm

Originally posted by Belfast
TThe ID card can call all useful information
Health or lack of
Criminal record or lack of......

Would you trust the guards with all this info? Would you trust them to only use the bit that's relevant at any given time?

or are you just trolling?

Health information might be a good idea if it is only accessible to hospitals and doctors.
Criminal information is not a good idea except for maybe paedophiles and the like.
Social welfare info is good only if the welfare offices have access to it.

It would also help immigration (social welfare again) but only if it was compulsary to carry it.

As for the other big brother ideas well they're just laughable.
I could never see such a system with proper safeguards implemented in Ireland though.

Sparks · 25-11-2003 3:46pm

Originally posted by Kananga
You have to have your driver's license at all times when driving.

So it's stored in the car. That's all. I don't have to carry it with me at all times and be subjected to judicial sanction if I don't have it with me.

But if you do break the law, the Gardai can confirm you are who you say you are.

If I do break the law, they can't do so from papers I have on me anyway, because they don't know if I'm lying or the papers are fake, or whatever.
In other words, the ID card no longer becomes useful when processing criminals because you have to verify their identity from central records.

With regards pickpockets, there would obviously have to be safeguards so that a thief cannot steal your identity such as encrypted information on a chip in the card.

And if the info is encrypted, how do you use it yourself?
A password you say?
You've invented an uncrackable, secure system for controlling access to data you say?
:rolleyes:

Sleipnir · 25-11-2003 4:10pm

Originally posted by Sparks
You've invented an uncrackable, secure system for controlling access to data you say?

Eh no, I did not say. Please point out where I said I've invented such a system.
However, some are good enough. Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.
Such as AES with Rijndael.

"using the same technology used to crack DES and a 128-bit key, it would take 149 trillion years to crack AES. Now, this was over a decade ago, but the fact remains that AES is a very good algorithm and is expected to remain the standard for many decades to come. However, like all encryption, AES will be cracked eventually."

So it's stored in the car. That's all. I don't have to carry it with me at all times and be subjected to judicial sanction if I don't have it with me.

You're obviously very worried about Identity theft if you keep your driving license in your car. If someone steals your car they may have your keys, they also have your licence, which of course has your address on it.

Secondly, if you don't carry it while driving then you will be subjected to judicial sanction. Purely on that fact alone.
Even if you have commited no other crime, simply not having the doumentation with you is a punishable offence.
So why are you not crying out about that? Explain how it's okay to be forced to carry ID when you're driving on the road but not when you're walking on the street?

LFCFan · 25-11-2003 4:15pm

why not introduce thumb print identification? You can buy a lock for your front door now that is activated using your thumb print. It would be a million times more secure than anything that's in use today. You use your credit card and then use your thumb print to verify instead of a signature. The Credit card has to be verified by a database anyway so a thumb printed added to your data wouldn't be too difficult. It starts with credit cards and eventually becomes widespread.

Meh · 25-11-2003 4:40pm

Originally posted by Kananga
Secondly, if you don't carry it while driving then you will be subjected to judicial sanction. Purely on that fact alone.
Even if you have commited no other crime, simply not having the doumentation with you is a punishable offence.
So why are you not crying out about that? Explain how it's okay to be forced to carry ID when you're driving on the road but not when you're walking on the street?

Because driving is a privilege, whereas walking on the street is a right.

Sleipnir · 25-11-2003 4:49pm

Originally posted by Meh
Because driving is a privilege, whereas walking on the street is a right.

I'm no even going to answer this one.

dahamsta · 25-11-2003 4:59pm

Originally posted by LFCFan
why not introduce thumb print identification?

http://www.google.ie/search?q=fingerprint+gelatin

adam

Sparks · 25-11-2003 5:01pm

Originally posted by Kananga
Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.

Sure, through BFI methods. Unfortunately, they were cracking smartcards through underhanded methods when I was an undergrad a decade ago.
Besides which, you've still to explain how you're going to use the card if the info is encrypted, and how you plan on preventing that weak point from being exploited.
To show what I mean, look at the radio beepers that you unlock your car with - they transmit a random code, but they're cracked by recording the code in it's entirity and playing it back without trying to decypher it.
Similar underhanded methods get around encryption or bypass the need to et past it to commit identity theft.

You're obviously very worried about Identity theft if you keep your driving license in your car.

Actually, I keep it at home unless I'm driving somewhere, at which point I throw it in the glove compartment. I'd keep it at home all the time, except that it's now illegal to do so :mad:

So why are you not crying out about that? Explain how it's okay to be forced to carry ID when you're driving on the road but not when you're walking on the street?

I was. However, the government doesn't much care for what it's citizens think of new laws (and they don't much care for old laws themselves, or current ones), so I've given up wasting my breath on it.
Doesn't mean it doesn't feel like being treated like a criminal though, or that I'm in any way happy with it.

Because driving is a privilege

Meh, that's daft.

why not introduce thumb print identification?

Because I know of at least one man who was convicted for murder on the basis of fingerprint identification alone, who proved to be innocent (the fingerprints weren't identical, just a 99.5% match and they later caught the real murderer)? Or because I personally know one guy who doesn't have thumbs (birth defect)?
Or because relying on a high-tech piece of gear to identify people is a bad idea because it gives one target to aim at to subvert the system?
Besides, right now credit card fraud is a large issue, with shops being caught copying the cards - how hard is it to copy a scan from a fingerprint scanner? :rolleyes:

bonkey · 25-11-2003 5:06pm

Originally posted by Sparks
No. Until I actually commit a crime, I won't accept being treated like a criminal. And being forced to carry identity papers with me at all times is just that.

Interesting take. Surprisingly, the carrying of formal identity is neither a new idea, nor is it something which the "free world" has unilaterally rejected.

From memory, the French have had an ID system in place for a long time now...and if there was ever a nation who was likely to get massively upset at the merest hint of mis-treatment, its most likely them.

And am I mistaken, or do the US not also have a requirement for ID?

The simple fact is that anonymity and security appear to be the antithesis of each other. We have a choice to make as to how much anonymity we are willing to lose in order to gain better security - even ignoring fringe benefits.

Take a simple example....in Ireland, all the banks have gone through a consolidation process, where they have "linked" (or at least tried to) all of an individual's accounts. There is also legislation (unless memory is failing me) limiting the number of accounts you can have, unless you can supply specific reasons for them.

Here in Switzerland, though, that would be perceived as an unacceptable abrogation of the right to privacy. If I want a loan from my bank, I get it from their loan company. I can get it in cash (getting 10K in cash is quite amusing when you don't expect it, I must say) and then go and lodge it to any of my accounts - of which I can have as many as I am willing to pay for. No paper trail, nothing. There is simply no way to directly trace what I do with that money.

Now, many people will be no doubt rushing to the reply button to point out how Swiss banking laws are only aiding and abetting criminals, and just look at the billions that crooks have hidden away here and in similar nations through the existence of such a granting of anonymity. And you'd be right.....but the Swiss would consider anything less as, to borrow Spark's description, "being treated like a criminal".

And thats my point....its all about perception, and what you're used to. Tell a French person that they are treated like criminals by their government for having to carry ID cards, and I'm guessing they will either laugh at you or be insulted in that inimacable French style.

I agree that there are limits to how much information should be centralised, given the limits of trust we can have, or even should have, in the organisations who would secure this data, and who would have access to it.

However, I would not agree that being required to be able to prove who you are at need is being treated like a criminal. If you accidentally (or otherwise) knock someone down on the street and they break their leg...you may be held to account. Even if there's doubt, and you are completely in the right, thats neither your decision to make, nor that of the victim, nor the policeman. So whats to stop you saying you are Joe Bloggs from Everyman Street or simply refusing to co-operate?

Now, we can argue that in such an event, failure to identify yourself could simply allow the police to detain you until such times as you can prove your identity....but the same logic holds true of driving licences. Why require the driver to carry it, when he can just be detained until it is provided, or brought to where he has it stored? Simple - its an impractical use of resources.

At the end of the day, you - Sparks - may be an upright citizen of unimpeachable morals, who would never try and jip the system in such a way. But what will your opinion be if you are the victim, and you get told "sorry sir....we can't actually do anything about that because the person who knocked you down / assaulted you gave us a false name and address". Will you just shrug and say "thats ok officer....I accept that he can do that in order for me not to be treated like a criminal"?

I'm guessing you might not be so philosophical once on the receiving end of someone else abusing the system to your detriment.

There's a balance to be found. Putting your entire identity on an card, or in a single database is simply not the way to go...I agree fully with that. But the need for identification is - IMHO - a real one, and mandatory ID cards, sensibly implemented, could offer an improvement of the use of security resources.

jc

Meh · 25-11-2003 5:14pm

Originally posted by Sparks
Meh, that's daft.

How so? Care to cite any constitutional article, legal precedent or law stating that driving is a right? Driving on public roads is a privilege that is granted by the government once you have proved yourself to be qualified. That is why requiring drivers to carry licenses is justified, but requiring pedestrians to carry ID is not.

Sleipnir · 25-11-2003 5:21pm

Originally posted by Sparks
Sure, through BFI methods. Unfortunately, they were cracking smartcards through underhanded methods when I was an undergrad a decade ago.
Besides which, you've still to explain how you're going to use the card if the info is encrypted, and how you plan on preventing that weak point from being exploited.
To show what I mean, look at the radio beepers that you unlock your car with - they transmit a random code, but they're cracked by recording the code in it's entirity and playing it back without trying to decypher it.
Similar underhanded methods get around encryption or bypass the need to et past it to commit identity theft.

Why do you need to use the ID card for anything? You don't use your driving license for anything. You carry it so that the Gardai can identify you.

Information on smartcard is not encrypted.
Nor is the IR information a beeper sends out to unlock your car.

Let's say a member of the gardai pulls you in for speeding and asks you for your National ID card.
They go to their terminal in the car and swipe the card.
The terminal has the encryption algorithm needed to decrypt the data (or this could be stored at the back-end)
The garda has a code which he inputs to access the code. These could be one-time-use codes such as the ones RSA use.
Even if a criminal steals a terminal, they still need a one-time code to decrypt it, so they need access to the one-time code keyfob and also the garda's password for that terminal. Otherwise they can spend 140 trillion years number-crunching to decrypt.

You could access your own card using a simple passcode. Again, even if your card is stolen the thief would need your passcode and a terminal to decrypt the data.

You wouldn't be able to clone the card as the information on it would still be encrypted.

Now that's a basic rundown! I may have left a few bits out but you get the idea. The technology is there. It's just a question of whether or not the government bother to use it
:rolleyes:

LFCFan · 25-11-2003 5:29pm

Originally posted by Meh
How so? Care to cite any constitutional article, legal precedent or law stating that driving is a right? Driving on public roads is a privilege that is granted by the government once you have proved yourself to be qualified. That is why requiring drivers to carry licenses is justified, but requiring pedestrians to carry ID is not.

So once someone turns 17 they don't have the right to drive? Driving a 7 Series BMW is a privalege. Driving is not. We have the right to drive. Actually, Walking could be seen as more of a privalege as we are privaleged to have legs that can carry us. Driving on the other hand is something that we have the right to do once we turn 17.

Meh · 25-11-2003 5:44pm

Originally posted by LFCFan
So once someone turns 17 they don't have the right to drive?

Correct. They have the right to apply for a driving license and sit the test; the government can grant or refuse a license depending on whether the applicant is fit to drive.

Driving a 7 Series BMW is a privalege. Driving is not. We have the right to drive. Driving on the other hand is something that we have the right to do once we turn 17.

Again, please cite any law, constitutional article or legal precedent that mentions any such right. I can't prove a negative, so if you're going to claim some inalienable human right to operate a motor vehicle in public, the burden of proof is on you.

LFCFan · 26-11-2003 9:31am

Originally posted by Meh
Correct. They have the right to apply for a driving license and sit the test; the government can grant or refuse a license depending on whether the applicant is fit to drive. Again, please cite any law, constitutional article or legal precedent that mentions any such right. I can't prove a negative, so if you're going to claim some inalienable human right to operate a motor vehicle in public, the burden of proof is on you.

Look at it this way. You have the right to run for Irish president if you meet certain criteria. So you can also say that you have the right to drive a car if you meet certain criteria. It doesn't have to be written down for something to be a right. I have the right to eat meat on a Friday. It's not the law, it's just my right.

Sleipnir · 26-11-2003 10:04am

You see? this is why I didn't want to respond to Meh's post.
Now it's a pointless argument about whether it's a right or a privilige to drive or walk.
Which is a little off-topic and a pointless debate in any case.

dahamsta · 26-11-2003 11:04am

Originally posted by bonkey
From memory, the French have had an ID system in place for a long time now

A mandatory ID system? I don't think so, but I wouldn't swear to it. two or three European countries have, but I don't think France is one of them.

And am I mistaken, or do the US not also have a requirement for ID?

Legally, you're not required to carry ID. In practice, it's getting harder to do stuff without it -- for example, John Gilmore of the EFF won't fly now because the airlines require ID; however this was a civil decision.

There is also legislation (unless memory is failing me) limiting the number of accounts you can have, unless you can supply specific reasons for them.

This is a new one on me. How many accounts?

Originally posted by Kananga
Information on smartcard is not encrypted.
Nor is the IR information a beeper sends out to unlock your car.

Both of these are, for the most part, untrue. The information on the smartcard or keyfob is encrypted, the security issue is not with the encryption, but with the interface. In the case of the keyfob, as has been suggested, you just need to intercept the - encrypted - signal to compromise the system. Same goes for RFID ("wave") smartcards. However a smartcard that needs to be "swiped" is more secure because it's more difficult to sniff.

adam

Sleipnir · 26-11-2003 11:10am

Originally posted by dahamsta
Both of these are, for the most part, untrue. The information on the smartcard or keyfob is encrypted, the security issue is not with the encryption, but with the interface. In the case of the keyfob, as has been suggested, you just need to intercept the - encrypted - signal to compromise the system. Same goes for RFID ("wave") smartcards. However a smartcard that needs to be "swiped" is more secure because it's more difficult to sniff.

adam

I meant the swipable cards in this case although I see your point.
Also, on the keyfob data being intercepted thing, here's a simple solution.
Have a different code for locking and unlocking.
If the thief intercepts your code when you're locking you car, it's useless as that code can't be used to unlock your car.
If they intercept your code when you're unlocking your car it's useless anyway cos you're about to get in and drive away!

LFCFan · 26-11-2003 11:41am

Originally posted by Kananga
I meant the swipable cards in this case although I see your point.
Also, on the keyfob data being intercepted thing, here's a simple solution.
Have a different code for locking and unlocking.
If the thief intercepts your code when you're locking you car, it's useless as that code can't be used to unlock your car.
If they intercept your code when you're unlocking your car it's useless anyway cos you're about to get in and drive away!

Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

bonkey · 26-11-2003 3:52pm

Originally posted by Kananga
Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.
...
"using the same technology used to crack DES and a 128-bit key, it would take 149 trillion years to crack AES. Now, this was over a decade ago,

You didn't notice the logical fallacy in what you printed?

The time taken to crack AES has fallen by 6 orders of magnitude (thats a million, to you non-mathsy's) in about a decade.

10 years ago, they would have said "150 trillion years". Today, they say "150 thousand years".

So really, ten years ago they *should* have said 150 thousand and ten years".

So, assuming that Moore's Law* continues (and by all accounts, it looks not only set to, but to increase over the next decade), that would mean that in another 10 years time, AES would take a max of a couple of months to crack, and within another decade would take a matter of minutes at most.

So, to say "149,000" years is incorrect, as in all probability it will take less than 20 years.....assuming you don't actually start today.

All of which is assuming also that no-one finds any "shortcuts" to the algorithm. If anyone ever figures a rapid way to factor large numbers quickly, we're screwed without quantum crypto.

(Incidentally, a super-massive database system could, in theory, be capable of "factoring" ridiculously large primes in short order within the next decade as well....which could prove interesting).

jc

* This refers to the exponential increases in computer performance. Effectively, available computing power doubles every 18 months.

dahamsta · 26-11-2003 3:58pm

Originally posted by LFCFan
Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

Yip, that's true for most modern alarm systems. Most.

adam

Sleipnir · 26-11-2003 4:26pm

Originally posted by bonkey
You didn't notice the logical fallacy in what you printed?

The time taken to crack AES has fallen by 6 orders of magnitude (thats a million, to you non-mathsy's) in about a decade.

10 years ago, they would have said "150 trillion years". Today, they say "150 thousand years".

So really, ten years ago they *should* have said 150 thousand and ten years".

So, assuming that Moore's Law* continues (and by all accounts, it looks not only set to, but to increase over the next decade), that would mean that in another 10 years time, AES would take a max of a couple of months to crack, and within another decade would take a matter of minutes at most.

So, to say "149,000" years is incorrect, as in all probability it will take less than 20 years.....assuming you don't actually start today.

All of which is assuming also that no-one finds any "shortcuts" to the algorithm. If anyone ever figures a rapid way to factor large numbers quickly, we're screwed without quantum crypto.

(Incidentally, a super-massive database system could, in theory, be capable of "factoring" ridiculously large primes in short order within the next decade as well....which could prove interesting).

jc

* This refers to the exponential increases in computer performance. Effectively, available computing power doubles every 18 months.

That's grand Bonkey, they were talking about using 10 year old technology on a brand new encryption algorithm.
If it takes 20 years to crack the code then that'll do!

The exact amount of time it takes to crack is less important as long as it takes too much time for a person to bother!
Obviously when it get's to the point where the code can be cracked in a few hours then it's time for a new one.

e.g. Distributed.net won the DES challenge setting a new record of 22 hours 15 minutes in the process.
22 hours? Not bad you might think. But, DES is only a 56-bit key and was first adopted over 26 years ago (1977 to be precise) plus Distributed.net used a purpose-built supercomputer called Deep Crack, in conjunction with the idle CPU time of 100,000 PCs linked via the Internet to crack it.
Most people don't have access to that amount of processing power.
And that's only DES 56-bit, the easiest one to crack out there, not AES with a 256-bit key.

If the federal government in the U.S. have adopted AES as the standard then it's good enough for me.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key

Victor · 26-11-2003 6:30pm

Originally posted by LFCFan
So once someone turns 17 they don't have the right to drive? Driving a 7 Series BMW is a privalege. Driving is not. We have the right to drive. Actually, Walking could be seen as more of a privalege as we are privaleged to have legs that can carry us. Driving on the other hand is something that we have the right to do once we turn 17.

You are confusing an absolute right with a licenced right.

Originally posted by dahamsta
A mandatory ID system? I don't think so, but I wouldn't swear to it. two or three European countries have, but I don't think France is one of them.

Most European countries have mandatory ID, France actually being the fascist ones about it (you can always play the fascist card against the German police - but you can't with the French). Much of the ID requirement was a Cold War legacy. These ID cards allow Schengen to work.

Originally posted by dahamsta
Legally, you're not required to carry ID. In practice, it's getting harder to do stuff without it -- for example, John Gilmore of the EFF won't fly now because the airlines require ID; however this was a civil decision.

A friend got stopped for running a stop sign in the states (says he genuinely didn't see it). He was handcuffed and nearly spent the night in jail because he didn't have ID on him.

Originally posted by LFCFan
Is it not a case that when you lock your car remotely, the code is changed each time so grabbing the code from the air is useless because the code will have changed for when you're opening it again????

The car and the fob have the same encryption formula that creates a "random" series of codes, if say the next 10(say) codes will be B, C, D, E, F, G, H, I, J and K (you have just used "A") and you enter one of them it will work. If you enter "L" of "RTDFFS" it won't work. If you enter "A" the system will get paranoid and insist on further checks. That said whos to say there aren't back doors.

bonkey · 26-11-2003 6:30pm

Originally posted by Kananga
If it takes 20 years to crack the code then that'll do!

I'm simply pointing out that saying "it would take thousands/millions/billions/whateverillions of years" is entirely incorrect and misleading.

If you want to switch and say "22 hours is long enough", thats fine, but stop throwing around these "it will take gazzilions of years to break it", because it won't.

For example, anyone in the 70's who said DES would take a million years to crack (although I think they preferred to go for "longer than the lifetime of the universe") would appear to have been out in their estimations by at least 999,980 years.

I'm simply pointing out that your "sales-pitch" figures are equally unrealistic, not that crypto is inherently unuseable. They are nothing more than inaccurate sales-pitch waffle, used to impress buyers and make the public feel safer than they really are.

I'm not interested in whats secure today...I'm interested in how long it will stay secure.

jc

Vader · 26-11-2003 6:40pm

if your going to drive you need your license and if you want to go to a pub etc you need ID but to need ID all the time is just crazy.
I dont want to be stoped by a Garda for ID on my way to a shop.:ninja:

Yoda · 26-11-2003 6:50pm

In the US, there are no mandatory ID cards. The driver's license, however, is carried by almost everyone. It contains your name, your birthdate, your hair and eye colour, your weight, your sex, your address, and a photo of you. In addition, it specifies the kind of vehicle you can drive.

These cards are used routinely by everyone for identification. The photo ID is shown when writing a cheque at the supermarket for instance; the clerk then has cause to believe who you are. Younger people use them as proof of age for purchasing alcohol.

They are pervasive and routine, and no one thinks twice about carrying them. Indeed, the Department of Motor Vehicles in each state also issues non-driver identity cards which do just the same except that you can drive with them. They are sturdy and wallet-sized.

If you get into an accident, they can identify you. If the police stop you for some reason (usually a driving offence of course) they use it to identify you. You can travel between the US and Canada or Mexico with one. They're so ordinary that you can even get baby announcements styled to look like them!

sovtek · 26-11-2003 7:07pm

Originally posted by Yoda
In the US, there are no mandatory ID cards. The driver's license, however, is carried by almost everyone. It contains your name, your birthdate, your hair and eye colour, your weight, your sex, your address, and a photo of you. In addition, it specifies the kind of vehicle you can drive.

And in Texas you have to give the DPS a electronic scan of your fingerprint. All for benevolent reasons, of course.

Yoda · 26-11-2003 7:27pm

In 1997 when I applied to be naturalized as an Irish citizen, I had to go to the guards in Phoenix Park station to be fingerprinted. It didn't bother me.

Imposter · 27-11-2003 8:48am

Originally posted by Vader
if your going to drive you need your license and if you want to go to a pub etc you need ID but to need ID all the time is just crazy.
I dont want to be stoped by a Garda for ID on my way to a shop.:ninja:

But that's the thing. Unless you're doing something wrong you won't/shouldn't be stopped. But, for example, if you're unfortunate enough to have an accident you can be identified very quickly.

Sleipnir · 27-11-2003 9:42am

Originally posted by bonkey
I'm simply pointing out that saying "it would take thousands/millions/billions/whateverillions of years" is entirely incorrect and misleading.

If you want to switch and say "22 hours is long enough", thats fine, but stop throwing around these "it will take gazzilions of years to break it", because it won't.

For example, anyone in the 70's who said DES would take a million years to crack (although I think they preferred to go for "longer than the lifetime of the universe") would appear to have been out in their estimations by at least 999,980 years.

I'm simply pointing out that your "sales-pitch" figures are equally unrealistic, not that crypto is inherently unuseable. They are nothing more than inaccurate sales-pitch waffle, used to impress buyers and make the public feel safer than they really are.

I'm not interested in whats secure today...I'm interested in how long it will stay secure.

jc

First of all Bonkey, why don't you stop mis-quoting me?
It may further your own arguments to do so but it's rude and inconsiderate.

If you want to switch and say "22 hours is long enough", thats fine,

What I actually said was

If it takes 20 years to crack the code then that'll do!

I didn't say it will take a 'gazillion' years to break it irrespective of the fact the computer power will increase. what I said was

Taking that distributed.net took 22 hours to break a 56-bit DES key using a purpose built supercomputer and the idle time of 100,000 computers over the internet.-
1.) How many years will it take for ONE computer to have that much processing power?
i.e. For ONE computer to have the power of 100,000 computers (plus a super computer) currently on the market?
When that does happen (and it will, a good few years away) then we will have ONE computer that will be able to break a DES 56-bit in 22 hours.

Now,

Assuming that one could build a machine that could recover a DES key in ONE second (not 22 hours as above) (i.e., try 255 keys per second), then it would take THAT machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.

So, when we do have a computer that can break DES56 in one second, that same machine could break an AES128 in 149 trillion years.
That's a fact, it's not a 'sales pitch'

We're comparing like-for-like here. We can't compare with computers 20 years in the future because we haven't managed time travel yet.

And d'ya think maybe someone in a focus-group in the U.S. federal government on encryption (who have taken AES as their stardard encryption for ALL their secure comms) said
"hey, wait a minute guys, we completely forgot to factor in that computers are going to get more powerful too. Doh!"

You want someone to predict the future,
what kind of processors will be out there in 20 years?
How long will it take to break encryption methods we haven't come up with yet?

bonkey · 27-11-2003 11:20am

Originally posted by Kananga
First of all Bonkey, why don't you stop mis-quoting me?

I put quotes inside the "quote" tags so they apear like the text above. I haven't misquoted you anywhere.

And if you go back and check yoru initial quote that I took exception to, it was this :

Encryption algorithms don't have to be completely unbreakable, just almost unbreakable, like it would take 140,000 years to crack.
Such as AES with Rijndael.

No reference to unchanging tech, current tech, etc. etc. etc. Just a figure of 140,000 years which you'll notice is the one that I used in my calculations.

Given that this was several orders of magnitude different to the unattributed, partial quote about DES in the same post, I mistakenly assumed they weren't related figures. Apparently I should have known better.

jc

Belfast · 27-11-2003 11:55am

Originally posted by Sparks
No. Until I actually commit a crime, I won't accept being treated like a criminal. And being forced to carry identity papers with me at all times is just that. Why not tattoo everyone with their identity barcode? It does everything a mandatory identity card does and it's harder to steal - so why not? Because people wouldn't stand for the idea of being tattooed with serial numbers, for good reason. Mandatory ID cards are pretty much the same thing, except that you can be pickpocketed and the thief can now carry out an act of identity theft in one simple movement of his or her hand.

BTW, what specific problem are identity cards going to solve on their own?

The Government has treated us like criminals for years. I am not allowed to own an Ak47 in case I might commit a crime. This goes against the principle of innocent until proven guilty.

Yoda · 27-11-2003 12:08pm

Please read what I wrote regarding the use of driving licences as identification cards in the U.S. No one there considers the carrying of such a card to be a violation of civil liberties.

sovtek · 27-11-2003 1:24pm

Originally posted by bonkey

And am I mistaken, or do the US not also have a requirement for ID?

Nope

sovtek · 27-11-2003 1:29pm

Originally posted by Imposter
But that's the thing. Unless you're doing something wrong you won't/shouldn't be stopped.

So if you aren't doing anything wrong then we should all have cameras in our bedrooms, and the cops should be able to just walk into our homes anytime they feel the urge to do so.
That'd really help Martin with his job (and Ashcroft should you fly to the States:)).

ID cards

Should Ireland have compulsory ID cards to be carried at all times? 47 votes

Comments