WRITTEN ON June 9th, 2007 BY Richard S AND STORED IN Uncategorized

ID cards are often compared with commercial “loyalty” cards – those paragons of efficiency and privacy protection. Recently, a petrol loyalty scheme has changed, leaving me an angry customer. I do hope that the “architects” will not be hired for the UK’s ID project.

However, this is an instructive example of a truly bad online service…

I joined this scheme some ten years ago, intrigued by its early use of “smart” cards. These were withdrawn some years ago in a previous badly handled “upgrade” which left me with two separate accounts.

However, the latest “upgrade” must be aiming for some warped award:

The company sent me a new-style card, with instructions for “registering” it. They offered a small incentive if it was registered online rather than by post or phone.

Their web-page has a mass of irrelevant information in tiny print, with two small links to the separate registration processes for cards received by post and cards collected from petrol stations.

– There has obviously been much confusion, with customers using the wrong process, so why have two separate processes? Why not handle the differences automatically?

The card has a mass of numbers, but the registration page asks for only nine digits [b]from the middle[/b] of these numbers. The customer has to count the tiny digits to guess which are wanted.

– Most other companies provide a helpful graphic, and / or the numbers they don’t want are already displayed on the web-page around the entry box.

I entered the digits and other information: My registration was rejected: “Card number not recognised.”

– In case my Firefox browser had caused problems, I tried Opera and then IE7 but got the same result.

The “help” pages and “FAQ” were no help, so I followed the link to email “customer services” and sent them the necessary details.

[b]Seven days later[/b] (not the 48 hours promised) I finally received an email: It demanded that I send them the details that I had already sent. I replied to this but have heard nothing since.

Back on the web-page, I tried the web contact form and sent the necessary details again: Some days later, the eventual reply just demanded that I send those same details again!

Giving up on the web-site, I phoned the number on my existing card: It had been disconnected.

I phoned the non-geographic number on the new card: Open only on weekdays.

Eventually I got through, despite confusing foreign phone tones and endless announcements that they were far too busy and why didn’t I use the web-site?

The operator had a thick foreign accent, but was helpful and solved the problems. However, it would take 72 hours before my web-account was ready.

[b]Three days later,[/b] I successfully registered my new card. However, it was not clear which information was needed for security checks, and which was requested for updating their records: For example, did they need my original email address, or would a new (better) one be acceptable?

This registration process simply generated a temporary password, sent by email. However, this couldn’t be used for 48 hours.

So, [b]two days later,[/b] I was finally able to log into my online account: To be faced with immediate demands to change my password: My choice was rejected! No “rules” had been shown on the web-page, but apparently passwords must contain both letters and numbers (not other characters) and be six or more characters long (no maximum given).

[b]Conclusions:[/b]

1. This has been more convoluted than even the worst government scheme.
2. Although (very) frustrating, it’s been instructive to experience a truly bad online registration scheme.
3. It has unnecessary levels of security.
4. Either it has been designed by incompetents, or it’s actually intended to “weed-out” all but the most loyal customers.
5. As soon as I’ve retrieved the value of my “loyalty” points, I’ll close this account: It has made me angry and disloyal!

[b](Fairly Obvious) Wibbis:[/b]

a. All online services should be tested before release, preferably by the (non-technical) CEO, his family and friends!
b. Online services should demand only essential information. (This scheme uses date of birth as its primary identifier – why?)
c. Data entry forms should make clear which data will be used as security identifiers, which is purely contact information, and which is optional.
d. The level of security should be appropriate, not excessive.
e. Where web-sites impose rules about passwords or the entry of data (eg. spaces in card & phone numbers), these should be displayed clearly, or at least be documented clearly in “help” pages.
f. Error messages should identify what the actual error was.
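
Wibbis (e) and (f) translate directly into code. The following is an added example, not part of the original post and not the scheme's own software: a registration validator that keeps its rules as data (so the same list can be printed beside the entry box) and reports every rule that failed rather than a bare “Card number not recognised.” The password rules are the ones the post eventually uncovered (letters and digits only, six or more characters, no maximum); the nine-digit card number and the tolerance of spaces and dashes are assumptions chosen to match the post's description.

```python
"""
Added example (not from the original post): a registration validator that
publishes its own rules and names the rule that failed.

Password rules are as the post describes them; the card-number rule
(nine digits, spaces/dashes tolerated on entry) is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Rule:
    """One rule: the text shown to the user before they type, and the check."""
    description: str
    check: Callable[[str], bool]


# Rules as data: the same list drives the on-page hint and the validation,
# so the two can never drift apart.
PASSWORD_RULES: List[Rule] = [
    Rule("at least 6 characters long (no maximum)", lambda p: len(p) >= 6),
    Rule("letters and digits only, no spaces or punctuation",
         lambda p: p.isascii() and p.isalnum()),
    Rule("contains at least one letter", lambda p: any(c.isalpha() for c in p)),
    Rule("contains at least one digit", lambda p: any(c.isdigit() for c in p)),
]


def describe_rules(rules: List[Rule]) -> str:
    """Text to print next to the entry box so nobody has to guess the rules."""
    return "Your entry must be:\n" + "\n".join(f"  - {r.description}" for r in rules)


def violations(value: str, rules: List[Rule]) -> List[str]:
    """Every rule the value breaks, in display order; an empty list means accepted."""
    return [r.description for r in rules if not r.check(value)]


def normalise_card_number(raw: str) -> str:
    """Accept the number as printed on the card: spaces and dashes are dropped, not rejected."""
    return re.sub(r"[\s-]", "", raw)


def check_card_number(raw: str, expected_digits: int = 9) -> List[str]:
    """
    Specific messages instead of "Card number not recognised".
    expected_digits=9 is an assumption matching the post's description.
    """
    digits = normalise_card_number(raw)
    problems: List[str] = []
    if not digits.isdigit():
        problems.append("card number may contain only digits (spaces and dashes are ignored)")
    if len(digits) != expected_digits:
        problems.append(f"card number must be exactly {expected_digits} digits, got {len(digits)}")
    return problems


if __name__ == "__main__":
    print(describe_rules(PASSWORD_RULES))
    for candidate in ["letmein", "passw0rd", "p@ss1", "123456"]:
        print(f"{candidate!r:12} -> {violations(candidate, PASSWORD_RULES) or 'accepted'}")
    for raw in ["1234 5678 9", "1234-5678-9", "12345678", "1234 5678 9A"]:
        print(f"{raw!r:16} -> {check_card_number(raw) or 'accepted'}")
```

Because the rule list is the single source of truth, a customer sees “at least 6 characters long” before typing and, on failure, is told exactly which of those lines was broken; the operator never has to field a phone call to explain a rule the page could have displayed.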

14 Responses to “Loyalty Card causes Disloyalty”

Iain wrote on June 11th, 2007 12:10 am :

dob will be used as it’s supposed to be easy to remember, however, it’s also personal and so I’d agree not something you’d expect on a scheme like this. It’s ‘only’ supposed to be a petrol scheme.

The kind of thing you mention here personally drives me nuts…people simply do not think through the mechanics of the complete system…that included the human actors…and whether it makes sense as a whole. Clearly this is a good example where adequate consideration has not been given…

What’s the saying…loyalty takes years to build and seconds to destroy…

Richard S wrote on June 11th, 2007 1:09 am :

Asking for Date of Birth *might* seem reasonable, unfortunately other organisations like banks and even Government use DoB as a “security” check.

That’s why many people have “alternative” dates of birth – together with alternative names – for use when completing low grade registrations: The challenge is to remember which “version of the truth” you told to which company!

Under one of our barmy recent laws, it’s probably now a crime to “deceive a computer”!

As a company director, Companies House (part of the DTI) *demands* my DoB and gaily publishes it, together with my full name and home address!

Under their paper accounts filing system, Companies House demanded that I *signed* the company accounts: They then gaily published my signature.

Thank you DTI: So much for privacy; so much for security!

Iain wrote on June 11th, 2007 1:44 am :

I didn’t say dob was reasonable, I said it was probably selected as it was considered something easy for users to remember. However, as you amply lay out, dob for a ‘trivial’ application like a petrol loyalty scheme is not good data…it is too personal.

As to the various failings of the Companies House scheme and the way in which it can be defrauded…well, don’t get me started 🙂

Richard S wrote on June 11th, 2007 2:29 am :

Yes, I have a simple policy:

If an organisation *demands* an answer to an irrelevant, intrusive question: They will get an answer – but shouldn’t rely on its accuracy or usefulness!

Chris R wrote on June 11th, 2007 1:55 pm :

I’m not a big fan of loyalty cards, but I did have a bad experience of an online registration system a few years ago when I bought a Vodafone pay-as-you-go phone.

They offered free minutes etc if you register. You could do this online, or by posting off a little card filled in with the relevant details. I decided it would be simplest to do it online. So I entered a password to access my account online, then a question (which could be mother’s maiden name, or your own question) and the answer to this question, name, address, etc etc…

I wanted to be able to top up my account online using internet banking, but I couldn’t figure it out, so I phoned them up. They asked me for my password. When I told them it, they said it was wrong. But I could use it fine to log on and see all my details! After several frustrating calls they offered to send it to me via snail mail. When it arrived, it turned out that what they were referring to as the ‘password’ was the answer to my secret question. And they were expecting me to come up with the answer without being given the question!

I think the trouble lay in the fact that the terminology for the postal and online registration forms was different and contradictory.

So, as has been commented above, the ‘system’ worked fine, but once people got involved it stopped working so well…

Richard S wrote on June 13th, 2007 6:25 pm :

Yes, with the advent of the Internet and the weak security checks still used by crazy banks, I try to protect personal information by having:

– Variations of “names”
– Different “dates of birth”
– Different “places of birth”
– Variety of “first schools”
– Variety of “pet’s names”
– Variety of “Mother’s maiden names”
etc. etc.

“Security” designers assume that these items will be easy to remember; in fact, I have to keep a (rapidly growing) hand-written list: Even then, I can’t always remember which “facts” were used with which service.

Iain wrote on June 13th, 2007 7:27 pm :

Well of course it’s the idea of not having pieces of paper that drives the idea of using ‘memorable information’. Of course a lot of ‘memorable information’ is publicly available and FriendsReunited (for example) nicely gives access to first and last schools and other personal information.

So it’s a tough one. Use information people should be able to know/remember – but which then of course may be known/found out by someone else – or give people a truer secret which you can be pretty certain they’ll not remember and so resort to paper.

As this site is about ‘Ideal Government’ let’s use a Government example: The Gateway userID. The idea behind this is the identifier is in itself secret and hard to guess, hence cracking the userID/password combination becomes much more difficult due to the unpredictable nature of the userID. However, the 12 alpha-numeric userID is so unmemorable I’d guess I could count those who can memorise it on the fingers of one hand. That means people need to record it – on paper, in their browser etc. – and so then quite how secure is this ‘more secure’ ID?

So it’s a trade-off. ‘Secure’ information can be very insecure if you oblige people to put it on a post-it note and ‘insecure’ information can be more secure as it may be harder to obtain. Remember, the ‘secure’ userID may have a 2^1 chance of being broken by simply lifting the mouse mat – forget the brute force computation option 🙂

Richard S wrote on June 13th, 2007 11:03 pm :

Yes, and “Gateway” IDs are made even harder for users to get right because they contain ‘I’s, and ‘1’s; as well as ‘o’s and ‘0’s etc. I expect that this alone causes many “help” requests.

On pointing this problem out, I was told that eliminating easily misread & easily confused characters would leave insufficient IDs for the UK population.

(Apparently, no-one had thought about using “special” characters, or about combining other identifying information with a simpler ID.)

There are much better automatic password generators, including some which generate random “triplets.”

At least with those, you have some chance of composing eg. a rhyme which reminds you of your password.

Three further issues about “Gateway” login details:

1. I’m more concerned about the security of my bank account than my “Gateway” account: My use of the Gateway is chiefly about ‘authentication’ & ‘non-repudiation’ of documents that I supply to Government.

I hope that no trickster or member of HMRC staff would want to fake or alter my tax returns.

The government may rank the importance differently, but I’m actually more concerned about the possibility of theft from my bank account!

2. I log into my bank account much more frequently than I use the Gateway: In fact, each year before I use the Gateway for ‘real,’ I do a trial login just to check that my details still work.
However, it’s not possible to test some aspects such as ‘Bill-Pay’ logins.

It’s most unlikely that I’d remember a 12 character random ID & password which I’d last used 12 months ago, so have to refer to written records.

3. At least *they* dropped the initial requirement that we’d all have to buy & rent expensive digital certificates, just for this trivial purpose.

(Government advisers, probably including purveyors of digital certificates, apparently recommended this as a way of forcing businesses to adopt eBusiness – “for our own good.”)

[b]Wibbis:[/b]

a. Wibbi the government’s scale of values matched mine.

b. Wibbi government advisers understood more about how I (or even, how real people 😉 ) actually live & operate.

ps. This [b]will not[/b] be solved by ID cards: The gateway login details [b]identify the company[/b] not a person: Within a company, responsibility for filing the information may well be passed from person to person, to suit changing company needs.
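
The two comments above make a checkable claim: that dropping the easily confused characters (‘I’/‘1’, ‘o’/‘0’) from a 12-character alphanumeric ID would leave too few IDs for the UK population. The block below is an added example, not from the thread and not Gateway’s real design, that works the numbers and also shows the step the thread does not mention: once one member of each confusable pair is never issued, the other can be accepted on input and silently mapped, so a customer who reads ‘0’ as ‘O’ still logs in (the same idea is used by Crockford’s base32 encoding). The alphabet, the ID length of 12, the set of look-alikes and the 60 million population figure are assumptions for illustration.

```python
"""
Added example (not from the original discussion): size of a 12-character ID
space with and without look-alike characters, a generator that issues only
unambiguous symbols, and input canonicalisation that forgives the confusions.

ID_LENGTH, LOOKALIKES and UK_POPULATION are assumptions, not Gateway's design.
"""
import secrets
import string

ID_LENGTH = 12                                           # the thread's "12 alpha-numeric" ID
FULL_ALPHABET = string.digits + string.ascii_uppercase   # 36 symbols
LOOKALIKES = {"I": "1", "L": "1", "O": "0"}              # assumed set of confusable pairs
# Never issue I, L or O, so every printed symbol is unambiguous (33 symbols remain).
SAFE_ALPHABET = "".join(c for c in FULL_ALPHABET if c not in LOOKALIKES)
UK_POPULATION = 60_000_000                               # rough 2007 figure, assumed


def id_space(alphabet: str, length: int = ID_LENGTH) -> int:
    """Number of distinct IDs the alphabet can express at this length."""
    return len(alphabet) ** length


def ids_per_person(alphabet: str, population: int = UK_POPULATION) -> float:
    """How many IDs each person could hold before the space is exhausted."""
    return id_space(alphabet) / population


def generate_id(alphabet: str = SAFE_ALPHABET, length: int = ID_LENGTH) -> str:
    """Unpredictable ID drawn from the OS CSPRNG using only unambiguous symbols."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def canonicalise(typed: str) -> str:
    """
    Upper-case, drop spaces and dashes, and map each look-alike onto the
    symbol that is actually issued.  Because I, L and O are never issued,
    a typed 'O' can only have meant '0' and 'I' or 'L' only '1'.
    """
    cleaned = typed.upper().replace(" ", "").replace("-", "")
    return "".join(LOOKALIKES.get(c, c) for c in cleaned)


def is_valid_id(typed: str, alphabet: str = SAFE_ALPHABET, length: int = ID_LENGTH) -> bool:
    """True if, after canonicalisation, the input is a well-formed ID."""
    canon = canonicalise(typed)
    return len(canon) == length and all(c in alphabet for c in canon)


if __name__ == "__main__":
    for name, alpha in [("full 36-symbol", FULL_ALPHABET), ("look-alike-free", SAFE_ALPHABET)]:
        print(f"{name:>16}: {id_space(alpha):,} IDs, "
              f"{ids_per_person(alpha):,.0f} per UK resident")
    issued = generate_id()
    misread = issued.replace("0", "O").replace("1", "l")   # what a customer might type
    print("issued:", issued)
    print("misread:", misread, "-> valid after canonicalisation:", is_valid_id(misread))
```

Even after removing three symbols, 33^12 is above 10^18, leaving tens of billions of IDs per resident, so the capacity objection does not survive arithmetic; the canonicalisation step is what actually removes the “help” requests, because the server, not the customer, resolves the ambiguity.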

Iain wrote on June 14th, 2007 12:01 am :

Well you might be more concerned about your bank account but don’t think your Gateway ID has no value other than filing your SA100.

There have been cases of benefits being fraudulently diverted and a nice fat VAT refund could do very well. If I can login as you at Gateway and you have some nice services, maybe I can alter bank accounts and put in for some refunds for you that come to me. Actually, your Gateway services are a lot more valuable than you might imagine.

Incidentally, digi certs have not been dropped by Gateway. Gateway has always had ‘level 1’ and ‘level 2’ services. 1 uses userID/password (or cert) and 2 is cert only. The reason you see ‘them’ as having ditched the requirement is that the Departments have simply reclassified their services as ‘level 1’.

Like you, there’s no way I can remember a 12 char alpha-numeric but this is where I think some people lose the plot. They work out that their new scheme will take 10^(some big number) years to brute force crack on the world’s biggest supercomputer, ignoring the fact it will take the average user a similarly long amount of time. Hence you have to record the userID/password/whatever somewhere, meaning the solution is NOT mega secure and the 10^(very big number) claim misses the point that the human actor is a part of the ‘system’.

There have been attempts to look at more usable userIDs but it’s not a simple option, especially with such a large user population.

Finally, Gateway does track users even on business services but you’re quite right the mapping of userIDs to real-life people and to companies is a nightmare…which is why Gateway doesn’t do it. You are also completely right that ID cards will do nothing…certainly not in the business service arena and probably not even in the ‘citizen services’ either.

Richard S wrote on June 14th, 2007 2:01 am :

I started this thread because the Government seems to have been basing its ID project on schemes used by private companies, including commercial “loyalty” schemes.

I seem to remember that the first online VAT service offered by HM Customs & Excise required each company to buy a digital certificate: HM C&E paid part of the cost for the first year: The take-up was very low! (Extra cost; extra hassle; zero benefit.)

My company’s current HMRC services could use a digital certificate, but HMRC also accepts the simpler (and cheaper) Gateway logon.

The letters from ‘the Gateway’ which contain the logon details do repeatedly mention the person who registered on behalf of the company.

Interestingly, the logon details for the HMRC online corporation tax service (CT600, not SA100) were sent to the ‘Company Secretary.’ However, logon details for the HMRC online PAYE/NI service were not sent to the Company Secretary.

Until fairly recently, many documents had to be validated using the company’s official seal: The seal was kept in the safe because its use signified company approval: Any human name or signature was very much secondary.

I view the Gateway logon details like a (rather second class) company seal: These logon details can be used – by anyone – to validate the company’s returns to the HMRC.

The company (and its officers) are responsible for filing the government documents: They can delegate this task – someone else may well do the actual filing – but the company (and its officers) remain ultimately responsible.

Iain wrote on June 14th, 2007 11:43 am :

Well the whole Gateway certificate model is, as you say, based on using externally provided private-supplier certs.

There is an important thing about national ID and any service provision – it is essential to know the link between the ID and the service and this *isn’t* currently known. This is why through Gateway you have to enrol in each service and in effect make an identity assertion to use a specific service quoting ‘known facts’ – some more secret than others. Forget the type of national ID. Forget how super-secure someone might claim it is. It doesn’t matter how wonderful it is as no cross-lookup exists between the ID and, let’s say, your SA, Council Tax or your company VAT. What’s more, as National ID will identify the *individual*, while it might be possible to link National ID and a personal service such as SA (via NINO is the thought but don’t underestimate the complexity of doing this), linking to corporate service such as CT or VAT is much more complex as it requires the personal identifier (the national ID) to be linked-in with the corporation and for that association to be kept up-to-date. Not easy at all…people move jobs and job responsibilities.

This is in fact why your CT activation PIN letter came to “The company secretary”…HMRC don’t know a name to send it to so have to send the letter to the known company address quoting a known position. A similar VAT letter goes to ‘Managing Director’ for the same reason. On corporate services HMRC have no knowledge of the officers of the company or people with authority to make declarations…that information simply doesn’t exist…and so a named National ID doesn’t help determine whether you should or should not be doing something, just as a current level 2 cert doesn’t actually provide you anything other than a cert to use during login. However, ‘more secure’ identity may though help identify ‘the actual user’ if it’s subsequently discovered they were knowingly committing a fraud, which is where there is some interest in actually *who* made a declaration, even though it is the company directors who are ultimately responsible.

And you are correct, the original eVAT system did require a ‘Gateway level 2 logon’ (= digi cert) and yes take-up was poor…that’s why the new eVAT system uses ‘Gateway level 1’ (= userID/password). The original eVAT system was piloted on Level 1 but C&E were ‘encouraged’ to upgrade it to level 2 for launch…and expected take-up slumped just as predicted.

Richard S wrote on June 14th, 2007 5:32 pm :

Thanks for that. I note that IR & HMRC introduced a “Taxpayer’s Reference Number” rather than using the widely discredited NINO numbers.

This also provides more ammunition in my campaign to abolish Companies House, part of DTI: Individual staff are usually helpful, but it provides nothing of value to my company; only costs, hassle and the risk of severe penalties for minor infringements.

The names, private home addresses, dates of birth etc. of company directors and the company secretary have to be notified to Companies House – and kept up to date. Each year, these details have to be confirmed and the registration fee paid. Each year, company accounts have to be sent to Companies House. All this information is made public.

Any failure to meet their deadlines or to supply correct information in the approved format leads to automatic penalties of hundreds or thousands of Pounds. There are also criminal penalties.

It is interesting that even the HMRC doesn’t use this public record of company “officers.”

Unfortunately, fraudsters have been rather too skilled at using it; subverting Companies House and defrauding victim companies. (For which Companies House and the DTI have taken no responsibility!)

Wibbi: The current discussions between DTI/Companies House and HMRC resulted in a simpler regime with less duplication and less pointless bureaucracy.

Iain wrote on June 14th, 2007 8:24 pm :

Yes the Companies House defraud scheme is a nice one and it’s stunning nothing’s been done about it…

As to HMRC using Companies House data, the problem is in identity matching. Let’s say you wanted to check an online CT filing against a list of names held by Companies House. Well:

1. Where does it say that officers of the company are the only people able to submit the Return? Why can’t an authorised member of staff submit the Return and how then would Companies House know this…without yet more red tape?

2. Just because Companies House might have a company officer called ‘John Smith’ and just because the name associated with a Gateway login may have been given as ‘John Smith’ or even be a certificate distinguished name (indicating at least a modicum of identity verification), how do you know it’s the same ‘John Smith’? The answer is you don’t and never can as there is no link. There is no unique ID on a Companies House name that can link that name unambiguously to any on- or offline credential, even a signature. So it is impossible for HMRC (or anyone else) to cross-check.

3. If you recall how you originally registered with Government Gateway (read: created yourself a Gateway userID) you may have noticed it simply asked you your name. You can put ‘Donald Duck’ in there if you wish and if you then know some Government service Known Facts, ‘Donald’ can go on and enrol in some service and submit anything those services entitle him to submit…including your CT and VAT 🙂

Richard S wrote on June 15th, 2007 4:07 pm :

Yes, all agreed.

I’d like to see more research into how people’s frequently changing “roles” could be reflected in eGovernment, eBusiness & eCommerce schemes.

All the excitement about eg. Biometrics for the government’s ID project has diverted interest away from such practicalities.

Hence, since the move away from traditional paper benefits books, kindly neighbours and even home care workers can no longer run simple errands for house-bound people, such as collecting their pension for them: That now requires an inflexible long-term arrangement which doesn’t reflect real needs.