" /> net.wars: March 2006 Archives

« November 2001 | Main | April 2006 »

March 31, 2006

Protect people, not data

I spent some of this week talking to parents about the phenomenon of fingerprinting kids in schools for the Guardian. (Surely fingerpainting was more fun.) One of the real frustrations among the people I spoke to was the lack of (helpful) response from the Information Commissioner's Office.

The systems that are being deployed in many school libraries in the UK (with doubtless other countries to follow if they succeed here) are made by Micro Librarian Systems. The fingerprinting side of it is really an add-on; without fingerprint readers, the kids use barcodes. One of the system's selling points seems to be that it doesn't need adult supervision, unlike library cards.

You can see why fingerprints sound appealing as a way to unlock the system: quick, easy, efficient, nothing to lose and/or replace. Slight problem, maybe, that kids' fingers are often dirty, sticky, or damaged, but at least they can't lose them.

What took me aback a bit was discovering that MLS has on its Web site – and quotes to schools – letters from the Information Commissioner's Office and from the Department of Education saying they saw nothing wrong with the system.

It's not my purpose here to rehash whether fingerprinting kids to let them take out library books is appropriate; the parents who were against it had plenty to say in my Guardian piece. But the whole incident has made me think about the role of the Information Commissioner's Office. Whenever I've spoken to anyone there it's seemed clear that ICO's job (PDF) is to explain the law and ensure that organizations obey it. They don't go around looking for things to investigate; they respond to complaints from the public. In this case, they say, they haven't had many. They do advise, as the letter MLS received says, that schools consult parents before instituting fingperprinting "as it may be a sensitive issue".

Indeed, it might. It's a measure of how much both technology and the willingness to be monitored are infiltrating everyone's consciousness that there has been so little public outcry over this. The manufacturers are, of course, very reassuring: the system doesn't store whole fingerprints but an encrypted, very large number mathematically derived from the scanned finger. The image cannot be reconstructed from the number.

But that doesn't actually help because if what unlocks the system is the number it is actually more easily forged than a fingerprint image would be. Now, no one's suggesting that some crook is going to break into a school and steal the computer that holds the kids' fingerprints just so he can take out all the library books. If you were told that your government records were protected by a very large number in encrypted form would you feel reassured that it wasn't an image? I'm not sure you should, because first of all, even encryption that can't be cracked today probably can be tomorrow. Second of all, there are plenty of people out there with good reasons to try to deconstruct how these systems work. And third of all, a number is, well…sometimes it's just a number. In the case of MLS, it's a number generated by a system created by Digital Persona, who supply enterprise biometric solutions to all sorts of other clients. How many of them will accept the same numbers because they use the same algorithms?

In this case, it seems to me that it's not sufficient to say whether the precautions taken to protect the data are adequate. It seems to me the real question is whether the proposed system is proportionate to the problem it's being installed to solve. Is the desire to provide a quick and easy method for kids to check out their own library books sufficient justification for fingerprinting children? This is a question the ICO is not in business to answer.

It's always seemed to me that no amount of data protection really solves anything: data always seems to go where it's not supposed to, whether that's because someone leaves a laptop in a cab or a CD in the back of an airplane seat, or because the database's owner has become infected with what writer Ellen Ullman has called "the fever of the system". The MLS literature states that fingerprints are removed from the system when the child leaves school. But how would a parent check this? And how often do people really throw out data they have. You never know, you might need it someday.

It seems to be an inalienable truth of human nature: if you have two databases you want to link them together; if you have one database you want to keep adding to it and using it for more and more stuff. In the end it's like Mark Twain's old adage, that "Three people can keep a secret if two of them are dead." Databases are not designed to keep secrets; they are designed to help people find things out. If you really want to protect privacy, the only certain option is not to create the database.

In the meantime, it would be nice if the ICO's job description and title went further to ask, "Is this an appropriate use of technology? Is it possible there will be consequences down the line that make this a bad idea?" Now that the government has its way to build the national identity register, these are questions we should all be asking.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. She has an intermittent blog. Readers are welcome to post there, at the official net.wars blog, or to send email, but please turn off HTML.

March 24, 2006

The IDs of March

Ping-pong is so much fun. If you haven't been following the ins and outs of the latest incarnation of the Identity Cards Bill, it's on about its fifth bat between the House of Commons and the House of Lords, with doubtless more to come. In the fourth bat, the Lords had proposed an amendment making the system opt-in until 2012, which would have meant that when you applied for your new passport (or other designated document, such as residence permit or driver's license) you would have the option of also being added to the National Identity Register and an ID card. That, of course, is not what the government wants.

Despite all the lip service paid in the election manifesto to the scheme's being voluntary, the government wants registration to be compulsorily tied to the issuance of documents that most people want to have. In the government's scheme, the ID card will be "voluntary" in the sense that having a passport is "voluntary". Don't want an ID card? Fine. Don't travel, and if you drive, don't lose your old license, change address, or turn 70. (For Americans: old-style British licenses are a fancily printed piece of folded paper that are valid until you're 70; these are gradually being replaced by new-style plastic photo licenses that are valid for ten years, but it's a very long process. Few people in Britain carry them as daily identification, and the only time you need to produce it is within ten days of being stopped for a traffic violation, so there's little incentive to update them.)

The Commons rejected that (PDF). What's supposed to happen next: the House will reject the Lords' amendments again, and the Lords will amend it again.

We even know something about how the Lords will try to amend it: Lord Armstrong of Ilminster has already tabled the amendment to be proposed. The new amendment will offer people the chance to opt out of registering in the national identity database and acquiring an ID card alongside a passport application. It's an interesting idea for a compromise. Most people will not bother to opt out. The ones who do will be the ones who otherwise might decide to forgo travelling in order to avoid registering as long as possible.

If that amendment were to succeed—and it seems likely to garner more support than the last round—there is one significance class of people we know would not opt out of getting ID cards: criminals. Just as you'd probably opt to wear a business suit and tie and get your hair cut respectably short if you were a dope dealer traveling internationally, if you are up to any nefarious schemes you will want the credibility having an ID card will lend you.

Eventually, the most likely outcome is that the Commons will win. There are several reasons for that, none of them really to do with ID cards. The most important is the balance of power between the Commons and the Lords: everyone agrees that the Commons, as the elected body, has supremacy. But the whole mess could easily drag on long enough to block the bill until everyone goes on their summer vacation. If the Commons has to invoke the Parliamentary Act to override the Lords' dissent, we could be into November before the government can even get going on it. The ID card is already behind the govenrment's original schedule. But, hey, what's the hurry?

The ID card is becoming secondary in these debates to the question of how much say the Lords should have and how much the government is railroading its proposals through. The ID card is increasingly controversial; the most recent YouGov/Daily Telegraph survey (PDF) showed only 45 percent in favor of the thing, and support decreases when the estimated cost rises from £6 billion (government) to £18 billion (LSE's upper figure). Are the Lords in fact more representative than the elected Commons?

It's interesting to consider this question in the light of the Power Inquiry, which is considering the question of voter alienation. Two of its conclusions: that there should be a "rebalancing of power away from the executive and unaccountable bodies towards Parliament and local government" and that electoral systems should be more responsive "allowing citizens a much more direct and focused say over political decisions and policies". Exactly the opposite is happening with respect to the ID Cards bill which, given the size of the shift it would cause in British national life and its cost, arguably should be the subject of a referendum.

In this context it's also worth reading testimony given recently to the US Congress by Stephen T. Kent, author of two books on ID card systems about the difficulties of doing what the UK government is proposing (and the US government has in mind with Real ID). Kent reminds us that what we are proposing to build is not an ID card but an ID system, and asks the same questions that even technology vendors have been asking the British government all along: what is the system for? What problem are you trying to solve? Without a clear set of goals, how can the technology fail to fail? In Britain's case, though, getting the ID card bill passed seems to be the problem the ID card is trying to solve.

You can, of course, still promise to refuse.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of linkts to all the earlier columns in this series. Readers are welcome to send email ( but please turn off HTML), or to post comments at the net.wars blog

March 17, 2006

net.wars: A fork in the code

The open-source community has always been conscious of the dangers of forking: the splitting of the software codebase into multiple versions that make the software too confusing to use. The result is that although there are multiple flavors of GNU/Linux they are all compatible. People have been very careful about the codebase.

The problem now, as so often, is lawyers. While everyone has agreed on the importance of shared programming code, there has been less agreement on the importance of shared licenses that dictate how people may use the codebase. If you choose free or open source software because you want to be able to modify, reuse, and redistribute the code, you may spend more time studying the licensing terms than you do the software. The Open Source Initiative lists 58 approved licenses.

The trouble is that many licenses require new work using old code to be distributed under the same license the old code used; when you mix code, you also mix licenses. This provision was Richard Stallman's key insight when he created the General Public License, the father of all these licenses: he wanted to ensure that software written as free software would remain forever free. This recursive requirement brilliant, and Stallman undoubtedly deserved his MacArthur Foundation Genius Award. But dozens of imitators later, it's like computer hardware in the 1970s – dozens of incompatible designs.

Aware of this, the Open Source Initiative has set up a license proliferation committee to try to streamline things.

"About 30 are kind of hard-coded with the name of the licensor such as Apple or IBM," says Cliff Schmidt, legal affairs officer for the Apache Foundation and a member of the license proliferation committee. "You could edit them, but if the point of OSI is to have licesnes you can reuse, that's a quick way to get rid of a bunch and say they're not really useful as they stand because they can't be reused."

If you move away from software, you find that Creative Commons is beginning to wrestle with the same problem. People talk about "a Creative Commons license" and imply that means their work can be remixed, reused, and redistributed, but the actual license terms vary quite a bit and people don't always notice.

That confusion is the reason Stallman has given recently for refusing to support any of the Creative Commons licenses. "I no longer endorse Creative Commons," he said in an interview with LinuxP2P a couple of weeks ago, going on to explain that the terms of some Creative Commons licenses, such as some of its Sampling licenses are "unacceptable to use for any kind of work". Debian's legal members, too, last year analyzed some of the Creative Commons licenses and have recommended against using some of them for varying reasons. A particular stumbling block for free/open source software advocates is the option of prohibiting commercial reuse and distribution – and there, I suspect, is a key difference between the content industries and the software industry.

The content industries have long been a war between individual artists/creators and large publishers/distributors. Until recently, it was rare for artists or creators to have access to the means of distribution. But software has grown up in a world where copies were easily exchanged, in an industry new enough that huge companies can be built by two people starting in a garage. Most content creators create whole works (outside of the movies, which are fundamentally collaborative). Most software is written collaboratively. Content creators are usually self-employed, most live near the edge of solvency, and they have learned from an industry with a long history of treating people like them badly to be wary that everyone but them will profit from their work. Even something like the Free Art License recognizes this danger.
Programmers, on the other hand, usually have jobs, and their work in open source may pay for itself in increased visibility, respect from their peers, and even higher salaries. That fundamental difference in outlook is, I think, one reason why documentation in the free/open source movement tends to be so poor: few writers can afford to work for free, and when they do they want to do something that isn't the same as everything else they do that day.

It seems clear that the number of licenses will be streamlined. But the fundamental political differences are not going to go away, as the inclusion of the express bar on DRM (which Stallman refers to as "Digital Restrictions Management") in GPL version 3 makes plain. In the end, we are likely to wind up with three main branches of free/open source licenses: the purist branch which bars all restrictions on reuse, digital or otherwise; the commercial branch, which allows some restrictions but does not distinguish between commercial and non-commercial reuse; and the non-commercial branch, which allows some or no restrictions for non-commercial reuse but retains control over commercial reuse. I do not see any way that these three fundamental disagreements can ever be resolved into a single free license codebase.


I hope net.wars will continue to be carried by other sites (currently, www.newswireless.net), but it seems like a good idea to also have my own site where I publish the columns. I've done it as a blog so that a lot of the email I get could perhaps become comments instead and we can have Discussions. There's an RSS feed over there somewhere, and sometime soon I hope to set up a mailing list for people who'd rather read it by that route.

And yes, I do intend to move on quickly from the standard template/colors. But I wanted to get started. So here we go.