NO2ID

NO2ID's ID Card & Database State Online Discussion Forum
 

All times are UTC




 Post subject: VNU: Stork electronic ID network takes off
PostPosted: Sat, 17 Jan 2009 14:38:40 +0000 
Site Admin

Joined: Sun, 09 Jan 2005 18:23:13 +0000
Posts: 10498
Location: Cambridge
http://www.vnunet.com/vnunet/news/2234165/stork-takes

Stork electronic ID network takes off

Cross-border identity project goes live with five pilots

Written by Phil Muncaster

vnunet.com, 16 Jan 2009

The Stork project to create a Europe-wide electronic identity network gathered pace today with the launch of five pilot deployments to test its readiness for full-scale implementation.

Stork was officially unveiled at the ISSE 2008 security event in Madrid last year.

Around 30 million national electronic ID cards are used by citizens throughout the European Union to access a variety of online public services, but one country's card cannot be used to benefit from the same services in another country.

The Stork project aims to address this with a three-year remit to enable cross-border recognition of national electronic ID systems.

...


PostPosted: Sat, 17 Jan 2009 20:09:51 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
For some background on Project STORK, please see http://dematerialisedid.com/BCSL/Hall.html.

Project STORK now has its own EU website, please see http://www.eid-stork.eu/, which allows people to submit suggestions:

Quote:
Your message has been sent successfully to the portal administrator, who will verify it.

Following its verification, the message will be sent to the intended official.

The compromised security of the UK Government Gateway

Category: Suggest
Date: Saturday, 17 January 2009
Sector: eID Community of Interest

Author: David Moss
Destination: STORK


STORK requires the national systems of several countries to be interoperable. The relevant system in the UK is the Government Gateway, http://www.gateway.gov.uk/.

On 2 November 2008 the Mail on Sunday newspaper reported that a copy of the source code for the Government Gateway, together with logon details, was found on a USB stick left in a pub car park in Cannock, http://www.mailonsunday.co.uk/news/arti ... -park.html:

Quote:
Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.

The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

It is suggested that our EU partners would be well advised to satisfy themselves that the Government Gateway is now secure before individuals, companies and government departments entrust their data to it. Our own Prime Minister doubts it, http://www.dailymail.co.uk/news/article ... under.html:

Quote:
It is important to recognise we cannot promise that every single item of information will always be safe because mistakes are made by human beings. Mistakes are made in the transportation, if you like in the communication, of information.

It will be remembered that a year before they lost the source code and logon details of the Government Gateway, they lost the details of 25 million child benefit claimants, including their bank details, http://dematerialisedid.com/BCSL/Hall.html. Anyone entrusting their data to the UK end of STORK is taking a real risk.

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Sat, 17 Jan 2009 21:56:58 +0000
C-List

Joined: Fri, 07 Oct 2005 08:30:46 +0000
Posts: 828
Location: Edinburgh
Well done, David, a brilliant response!

_________________
John
http://www.jwelford.demon.co.uk/


PostPosted: Sun, 18 Jan 2009 00:37:53 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Thank you for that, John.

Re-reading the STORK literature reminded me just how partial the NIS is.

The NIS is meant to help in the fight against identity theft. But it makes provision for registering only individuals, whereas companies and charities and trades unions and even government departments suffer from identity theft as well. What could the NIS do for them? Even if IPS ever pull their finger out, nothing.

The NIS is (or was) meant to help in the fight against money-laundering. That involves companies as well as individuals. What could the NIS do to reduce money-laundering undertaken by companies? Once again, nothing.

The European Commission's approach, by contrast, is more rounded – IDABC, OSCIE and STORK all confront legal persons as well as persons.

It reminded me also of the gratuitous involvement of James Hall in STORK:
Quote:
Most Brits would find the next meeting with the Stork committee unbearably embarrassing. But not James Hall. Why? Because he’s made of sterner stuff? No. He’s just very very used to failure.

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Mon, 26 Jan 2009 15:08:19 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
The STORK Dissemination Team wrote:
From: athina
Sent: 26 January 2009 14:23
To: David Moss
Subject: RE: Your letter to the STORK project

Dear Mr. Moss,

Regarding the letter you have sent us on January 17, 2009, we would like to inform you that we have requested a formal response from the UK Government. They have committed to respond and we will let you know when they have done so.

Best regards,

Athina Vrakatseli
STORK Dissemination Team

For more info please view:
http://www.eid-stork.eu/

_________________
http://DematerialisedID.com
http://DMossEsq.com


Last edited by David Moss on Tue, 27 Jan 2009 00:23:20 +0000, edited 1 time in total.

PostPosted: Mon, 26 Jan 2009 19:27:31 +0000
Moderator

Joined: Tue, 11 Apr 2006 13:02:46 +0000
Posts: 2845
Nice! Do you think the 'formal response' will make enough sense to be accepted?
That said, my suspicion is that they might just accept a bunch of assurances that everything's OK, and it will never happen again, honest...

Also, multiple caveats around the words 'have committed to respond' :?


PostPosted: Tue, 27 Jan 2009 00:22:03 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Doctor_Wibble wrote:
... Do you think the 'formal response' will make enough sense to be accepted? ... my suspicion is that they might just accept a bunch of assurances that everything's OK, and it will never happen again, honest ... Also, multiple caveats around the words 'have committed to respond' :?

When you and I try to communicate with the responsible departments, we are lucky to get any response at all. The European Commission have rather more leverage than us. At least they will get a response.

Goodness knows if the Cabinet Office and/or the Home Office will respond sensibly. If they do, well and good, that will be progress. If they don't, there is the possibility of a monumental political problem.

No overseas individual or company or government department is going to want their details recorded on the UK Government Gateway without some independent, expert, international assurance that it is now secure. Those individuals and companies have votes and they pay taxes. Politicians may try to ignore their worries but that seems imprudent. Better to champion their constituents and demand that no data be shared via the UK Government Gateway.

If that happens, then STORK faces a problem, and so the Lisbon Resolution faces a problem. The UK will be standing in the way of the EU's 5-year plan, i2010. Not a comfortable position.

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Wed, 11 Mar 2009 15:43:07 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
From: David Moss
Sent: 09 March 2009 22:18
To: 'athina'
Subject: RE: Your letter to the STORK project


Dear Ms Vrakatseli

It is now about six weeks since your email. Have Project STORK had a formal response from the UK government yet?

Kind regards
Yours sincerely
David Moss

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Wed, 11 Mar 2009 15:44:53 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
From: Athina Vrakatseli
Sent: 11 March 2009 13:11
To: 'David Moss'
Cc: 'Yasmin Mazhari'; 'Evika Karamagioli'
Subject: RE: Your letter to the STORK project


Dear Mr. Moss,



The UK Government is working on it. We recognise the importance of a response and will get it to you as soon as possible. We apologize one more time for the late reply.



Regards,

Athina Vrakatseli

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Thu, 12 Mar 2009 13:50:09 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
We tackle the question every now and again on this forum: how old is the NIS? Do we date it from David Blunkett's July 2002 consultation document? Or earlier?

Take a look at the UK Government Gateway FAQ, section 1.1.1:
Quote:
Q. What is the Government Gateway? What is it for?
A. In 1999, the UK Government commissioned a report from PA Consulting [of course] looking at the cross-government infrastructure that would be required to enable the delivery of online services and joined-up government to be implemented. One of the recommendations in that report was that the UK Government should procure a central ‘gateway’ that would help tackle common issues such as user identity management, messaging and transaction handling.

1999? Any other bids?

Take a look at the Revision & Sign-Off Sheet, page i. The author of this FAQ document is Jerry Fishenden. Is that the same Jerry Fishenden who has subsequently warned us all of the dangers of creating a honeypot in the NIR?

And then there is EDT, the eDelivery Team. I was meant to have a meeting today with EDT. It was postponed. They have been called away to Brussels. To collect their orders? Or, who knows, perhaps to answer questions in the wake of Cannock about the security implications to Project STORK? Are Athina Vrakatseli and her colleagues even now as we confer giving EDT a hard time?

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Wed, 05 Aug 2009 12:56:37 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
From: David Moss
Sent: 05 August 2009 13:53
To: 'Athina Vrakatseli'
Cc: 'Yasmin Mazhari'; 'Evika Karamagioli'
Subject: RE: Your letter to the STORK project



Dear Ms Vrakatseli

It is now over six months since I pointed out the danger to any EU individuals, businesses and government personnel if they rely on the security of the UK Government Gateway. It is disappointing that no response has yet been received.

In the absence of any response, the only prudent inference is that it is unsafe for anyone to entrust their personal, business and financial details to the UK Government Gateway.

Without the Government Gateway, the UK does not have the wherewithal to meet its obligations under the Lisbon Declaration of 19 September 2007. That is unfortunate. But the problem will not just go away by ignoring the security breaches of the Government Gateway; the failure to meet the Lisbon obligations needs to be confronted openly, seriously and now.

Yours sincerely
David Moss

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Tue, 25 Aug 2009 15:30:07 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
From: Yasmin Mazhari
Sent: 25 August 2009 12:58
To: 'David Moss'
Cc: communication@eid-stork.eu
Subject: RE: Your letter to the STORK project

Dear Mr. Moss,

The Government Gateway enables secure authenticated access to UK government online services and it is accredited to process information up to UK Government Restricted. The infrastructure and application is continually monitored and has regular independent security tests. The Government Gateway is also compliant with the data protection act, UK policy and UK Government information assurance guidelines. Furthermore, all staff and suppliers have to adhere to a data projection policy when using mobile storage devices, for the delivery of the Government Gateway services.

The loss of the storage device (a USB stick) by a supplier responsible for the service delivery of the Government Gateway, did not compromise the Government Gateway or give open access to the Government Gateway application.

Best regards,

STORK Dissemination Team

For more info please view:
www.eid-stork.eu

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Wed, 26 Aug 2009 08:07:49 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
From: David Moss
Sent: 26 August 2009 08:58
To: 'Yasmin Mazhari'
Cc: 'communication@eid-stork.eu'
Subject: RE: Your letter to the STORK project


Dear Ms Mazhari

My thanks to you and your colleagues for the persistence needed to obtain that answer from the UK government.

Yours sincerely
David Moss

_________________
http://DematerialisedID.com
http://DMossEsq.com


PostPosted: Wed, 26 Aug 2009 08:09:32 +0000
A-List

Joined: Sat, 07 Apr 2007 10:29:05 +0000
Posts: 2855
Quote:
Furthermore, all staff and suppliers have to adhere to a data projection policy when using mobile storage devices, for the delivery of the Government Gateway services.

What would Sigmund Freud have made of the gremlin which replaced "data protection" with "data projection"?

_________________
http://DematerialisedID.com
http://DMossEsq.com

