Before I get started, a quick run down of the federal government’s “Access Card” plan is to have an all-purpose card, used for accessing government services. This card would contain a smart-card chip, which would store certain information, as required by each government agency you use.  There is also discussion that there will be a certain amount of capacity left on the card, which businesses and users could use for other functions.

I’ve been listening to Background Briefing from today titled “Getting smart: The Access Card”.

In it, Joe Hockey, MP (Minister for Human Services, Federal Minister for North Sydney) gives some comments in support of The Australia card.
“The only information we’re going to hold [in the government database connected to the card] is what’s already on the face of your drivers licence”,  Mr Hockey then goes on to say “So, if someone tries to break into that database, [...] if they try to break into this, the only thing they’re going to find out is what already they can find out by stealing your wallet”.

Great, Joe - I’m glad you’re an IT security expert. Oh, wait, you’re not. Infact, on his “Meet Joe” page on his site, I can’t find any sort of information to indicate that he has any sort of IT knowledge.  Joe repeatedly describes the card as a “mini ipod” , which demonstrate a stunning lack of understanding as to how the technology works.

There’s two parts to this ”Access card”:

Part 1: The back-end / central database - This will apparently only contain some basic information about you - at first.  It’ll be controlled by the government, with access to only government agencies.

Part 2: The actual card, or rather: the smartcard chip. - This will store all sorts of information. Initially, it’s slated to replace Medicare, Veterans Affairs, and Centrelink Benefits cards. Mr Hockey says however that people will be able to connect it to their home PC, and place information on the card - such as medical history/etc as desired.  Joe even says that you may choose to store other data: Bank account information, shopping lists, Australia Post, etc.

What relationship the card will have to the backend, is unclear as yet. Mr Hockey says that they don’t want to store anything beyond the basics (so, your basic stats - as per your drivers licence).

Ok, so lets go from here -

Someone breaking into the central database, will “simply” steal information on nearly 21 million people.   Sure, it’s “only” drivers licence info, but hey - it’s a great start.
With this information, I could call up Telstra, and connect or disconnect services. Yeah, I’ll probably need an account password - but, since I’ve got this huge database, I can probably quite easily dig up the names of family members. “Oh, sorry, was the password “Jimmy”, or maybe “Mary”? I’m so forgetful”.
OK, so it’ll be significantly better protected, but I doubt it can be secured quite like the ATO databases (which are, presumably, isolated from the public networks).

The main issues I have are to do with the card itself.  To allow confidential data to be stored on the card itself, is to encourage it’s wholesale misuse. I’m not talking about the card being used as an all-purpose identity card - that’s pretty much a given (just like a drivers licence is now).

There are promises that the data embedded by government agencies will be secured from duplication - it’ll need a pin code to be validated by the card itself, and will only be able to be decrypted by authorised users.

Regardless, I still don’t trust it - there will be (unsecured) space for others to store data on (video rental companies, supermarkets, whomever else asks for you to load your card on). Just having companies ask you for this card, which contains so much data (even if it is secure by today’s standards) is risky. 
You’re trusting that a business won’t look at any of the other data on the “public access” section of the card - either intentionally (spying on what other services you use, and grabbing all that other data), or unintentionally (say, by poor software design).

Implementing a card like this, is one thing - updating the cards in a timely fashion, when security issues arise is entirely another.  I’m certain that it’s a when, not an if - if we have learnt anything about IT Security, it’s that nothing is secure for any appreciable amount of time.

Already, someone has demonstrated that they can copy the content from the e-passports. They can’t modify the data, but they can load it onto another smartcard. Combined with some other functions, that person can then pass through the automated immigration control gate at places like Sydney Airport. 
What makes it worse, is that someone could quite easily do this without you ever knowing it. Since the e-passport is contactless (meaning there’s no electrical path from the chip to the reader), someone can walk past you with a specialised receiver, and duplicate the content of every e-passport within range (50 feet or more, if the right type of antenna was used).

What’s the solution? I’m not certain as yet.
Yeah, I criticise politicians who bag something out, without giving an alternative solution - but this is a major, wide reaching scheme. 
Do we need some sort of reform with regards to Identification to government agencies? I’m not sure - quite possibly. 

I am certain that we don’t need a central identity card which has such potential for misuse. We already have relatively secure means for identification - a Drivers Licence or Passport will suffice for all of those, that I can see.

More crazy stories from the good ol’ US of A.

This time, a Denver homeowners association is threatening to fine a resident USD$25/Day fine for having a Christmas wreath, shaped like a peace symbol on her house.

Apparently “some” residents complained because they had children serving in the US Armed Forces in Iraq, and found it offensive - others thought the peace sign was a symbol of Satan (…. right).  

Somehow, I don’t think the complainants were the brightest bunch. It’s probably also safe to say they weren’t pot smoking hippies in the 60’s, either.

Lisa Jensen (the tree-hugging, Satan worshipping, anti-Iraq, hippie resident) says she’s not going to take the sign down until after Christmas. Lisa says it will probably cost her about USD$1,000 for her little statement.

Good on ya Lisa, stick it to ‘em.

Slashdot reports on a media release by the Internet Industry Association a few weeks ago.

Said IIA chief executive, Peter Coroneos: “We can’t be sure if this is the government’s intent, or whether there has been a terrible oversight in the drafting of this Bill. Either way, the consequences for the average Australian family could be devastating.”

“As an example,” said Mr Coroneos, “a family who holds a birthday picnic in a place of public entertainment (for example, the grounds of a zoo) and sings ‘Happy Birthday’ in a manner that can be heard by others, risks an infringement notice carrying a fine of up to $1320. If they make a video recording of the event, they risk a further fine for the possession of a device for the purpose of making an infringing copy of a song. And if they go home and upload the clip to the internet where it can be accessed by others, they risk a further fine of up to $1320 for illegal distribution. All in all, possible fines of up to $3960 for this series of acts – and the new offences do not require knowledge or improper intent. Just the doing of the acts is enough to ground a legal liability under the new ‘strict liability’ offences.”

As I’ve written a few times, this bill is terrible.

Edit:
There are some risk matrices available for Families (PDF), Teenagers (PDF), Small-Business (PDF) and Industry (PDF).

Scary stuff, really.

From ABC News (AU): Google warns Aust copyright laws could cripple Internet.

Looks like there’s more implications… And the Senate Committee is due to submit it’s findings on Monday Friday, by my count.

Kim Weatherall has a funny, although quite serious post on the implications of a fairly innocent behaviour under the proposed Copyright Amendment Bill of 2006.

I haven’t seen Telstra’s new ad myself, so I’ll leave it to Kim to provide the description:

You may have seen the ad (it showed last night [Sunday 2006-11-05] during Australian Idol, but I’ve seen it before): a good-looking girl having a great time at a live concert holds up her fabulous sexy slimline phone and records what’s going on. She sends it to her home computer, and a whole bunch of the concertgoers follow her home to continue the party at her place. Pan to fabulous large house with seriously rocking party.

It turns out that under the proposed new copyright law, said girl would have racked up about four criminal offences and a maximum of $26,400 in fines. Plus, there’s an opportunity for an on-the-spot fine of  $1320 if a police officer catches her at it.

Apparently under current law all of the same offences exist, but it has to be proved that you knowingly/intentionally breached those laws for it to become a serious consideration. (So, if your day job is a TV cameraman, or IP/Copyright Lawyer, you could be in serious hot water). The new laws, according to Kim, remove that requirement.

 

Hold the phone… (update) According to someone at work, the girl in the ad actually downloads the song from Bigpond Music on her mobile,  which lets her play it on her home PC too.  

That’s good - but she’d still be in breach of the licensing terms and possibly copyright act, because it’s a public performance.

Scott Adams has a new piece today which, in my opinon, is great.

Worst Politician Ever

As a political candidate, I would advocate some sort of tax rebate to subsidize Internet porn and Kleenex for single men between the ages of 18 and 35. That way all the potential rapists can more easily afford to exhaust themselves at home. I’d have graphs and charts to make my argument that no other policy would be as effective. My slogan would be “Deal with the root cause.” I would call it my Yankee Doodle plan.

I would also legalize drugs, partly to free up law enforcement resources for more serious crimes, and partly to make the Internet porn that much more enjoyable compared to raping.

It’s a blog you should be reading every day.

Very useful link for any NSW Photographers - NSW Photographer’s Rights.

Some funny stuff in there too

The story I wrote about yesterday has made it to digg (little wonder with News.com.au having the digg icon on it).
digg - Vegemite banned in the United States.

Some funny comments on there:

“ojk007″ offers some helpful hints on how to eat vegemite:

How to eat vegimite!

1. Get a piece of bread or a cracker.
2. Spread as much on as possible. (the more you put on the better it tastes! Trust me im an Aussie!)
3. Eat as Slowly as possible.

A Funny thread on whether A Current Affair or Today Tonight would take up the story.

“Young Aussie battlers stripped of their pride through unnecessarily outrageous bans on Vegimite”

Angostura obviously has no idea what kind of fight they’re getting into, and should be divorced shortly:

Ah. As a Brit married to an Australian, you can imagine that there is an ongoing ah - discussion about Marmite v Vegemite. Marmite was the original, and Vegemite is essentially a watered down version created for the delicate ozzie palate.

/Flame on

… flame on indeed.

JHawk24821 starts a funny thread with this comment:

When I read that it was banned, the first thought that came to mind that it was somehow related to terrorism. I was asking myself how Vegemite could be seen as dangerous, then it occurred to me that someone probably took it on a plane, or tried to at least, and the airports nut balls thought it was a bomb.

Finally, jumanous has a rather pointed comment.

That has to be the most ridiculous thing I have heard all year!! You can have a rocket launcher or an AK47, but God forbid you eat Vegemite on toast. I have now officially heard it all.

Ian points out an article on News.com.au that The US FDA have made Vegemite Illegal.

Apparently it’s because of Folic Acid, and border inspection guards are even searching people (presumably Australians) at entry for Vegemite.

Australian expatriates in the US said enforcement of the ban had been gradually stepped up and was now ruining lifelong traditions of Vegemite on toast for breakfast.

Kraft spokeswoman Joanna Scott said: “The (US) Food and Drug Administration doesn’t allow the import of Vegemite simply because the recipe does have the addition of folic acid.”

Crazy… just… crazy.

I havn’t had time to read the bill yet (216 pages? Just for an ammendment?), but Kim Weatherall has a short post summarising the new changes.

Relevant quote from Kim’s blog:

The bill includes:

• The TPM Amendments (the OzDMCA, or new anti-circumvention laws) - material that I’ve discussed
• The new copyright exceptions (outcomes of the iPod inquiry)
• The new copyright enforcement provisions; and
• Some stuff on signal piracy/pay television; and
• Some stuff on the Copyright Tribunal.

It is only now that we can see, altogether, the whole unholy complicated mess that this piece of legislation is. Just wait until you see the next edition of the consolidated Copyright Act.

The whole bill has been referred to the Senate Standing Committee on Legal and Constitutional Affairs. Submissions are due 30 October; the Committee will report by 10 November (and we assume, the Bill will pass in substantially unamended form shortly thereafter).

(The bolded bits are per Kim’s post).

It’s interesting to note that there’s 10 days left for people to put forth a submission (including today), and then a further 10 days for any submissions to be considered and any ammendments to be made to the bill. &emdash; Get speed reading, now.

---

(Added at 12:10PM)
The news that there’s going to be a .au version of the DMCA is disappointing, although not entirely unexpected given that the US-AU FTA went through.

Yes, I think I should have the legal right to buy Region-Protected DVDs from the UK or US, and play them on my PC or DVD player.

I should also be able to do the same thing with Region-Protected games bought in other countries, on my locally purchased game console (if I ever decided to purchase a console, that is).

(I’m talking legit stuff here - not “backups” of games and things like that)

If in either case I needed to override the built in region protection to do so, I should not have to break the law.

---

(Added at 12:21PM)

Actually, just go to the Lawfront site - they’ve got a whole bunch of good commentary on things I’ve discussed recently, including the IceTV Case.