Bombs triggered by the presence of people with specific biometric traits may soon be feasible, warns a report.
Written by the Royal Academy of Engineering, the report looks at how technology is eroding personal privacy.

It shows how abuse of technology can expose people to harm by, for instance, terrorists crafting bombs that use the biometric data stored on passports to target specific nationalities.

It urges people to get more involved in the ways data about them is gathered.

Fail safe

Professor Nigel Gilbert, one of the report's authors, said the idea was not to scare people but to show what could happen when novel technologies and personal privacy interact.

"No technology is 100% perfect, and no engineer will tell you that any technology is 100% perfect," said Prof Gilbert.

"We need to think very carefully about contingency plans," he said, "about what can go wrong and what we are going to do about it when it does go wrong."

Instead of simply accepting that technology erodes privacy, the report suggests that designers, individuals and governments should work harder to find ways of making life more secure.

For instance, said Prof Gilbert, it is accepted that buying via an electronic transaction means surrendering information that allows an individual to be identified.

In truth, he said, all a merchant needs is an assurance that the customer is old enough to buy a particular good or service and that they have enough funds to pay.

Similarly with supermarket loyalty cards customers are forced to hand over information that identifies them individually. This is despite the fact, said Prof Gilbert, that all the store really needs to is what items have been bought.

"These are apparently similar things, and are all cases where it would seem people are being required to give up more identifying information than is necessary," he said.

In a bid to combat abuse, the report recommends the creation of a digital charter that outlines the rights an individual has to manage, share and protect the data being collected about them.

Properly engineered technology should increase both privacy and security, said Prof Gilbert.

Among other recommendations, the report calls for the beefing up of penalties for people and companies that flout data protection laws. At the moment, warned the report, the penalties were "close to trivial".

It also calls for people and communities to get involved with the way that data is gathered, and how intrusive technologies are policed.

It suggests that CCTV cameras could be overseen by the communities that serve or the people they watch.

Unexpected support for ID cards has come from Electoral Commission chairman Sam Younger, who has told the Times that photo ID should be required at polling stations, and that if (or, in the view of the current Government, when) ID cards become compulsory they would "undoubtedly" be applied in elections. "I think there's a very strong case for making sure we go down the road of tightening up the identification of polling station voting as well [as postal ballots]" he said.

Younger's statements are somewhat eccentric, even bizarre, given that ID cards could most readily be used to prove identity in the part of the ballot system where it's least necessary - i.e. at the polling station, where there is no evidence of widespread fraud.

Historically, proof of identity hasn't been required for voting in person in the UK, and while many voters will tend to turn up clutching the registration form that's been sent to them, simply stating name and address and having that checked against the register is sufficient proof to vote. This system clearly isn't fraud-proof, but there's enough in the way of checking and scrutiny to discourage systematic fraud. The scrutiny processes have however been heavily dependent on the existence of the traditional ballot's paper audit trail, so in Younger's defence we might consider that he's anticipating the insecurities that are likely to be introduced as, like it or not, we move over to electronic systems. But that would mean accepting the replacement of a relatively secure system by an insecure one, then bolting on ID cards as the sticking plaster, right? So not ideal from a design point of view.The massive expansion in postal voting over the past few years has however undermined controls. Previously postal ballots were heavily restricted and therefore fairly easy to supervise, but the drive to increase turnout by making it easier to vote postally has resulted in it becoming a lot easier to fiddle elections via postal ballots. One spectacular instance of this at the previous local elections led a judge to describe it as a fraud that would "disgrace a banana republic."

The verification systems being used for the current elections are intended to ensure that the ballot has actually been completed by the registered individual, and hence - so long as they work - it should be more difficult for large numbers of misappropriated blank forms to be completed by fraudsters. But, erm, if you count a signature as a biometric (and why not?), then that gives us a biometric-verified postal ballot system already, right? And there's no obvious way that an ID card could be inserted into the process, unless it involves verification in person as part of the initial application for a postal ballot. Which would rather undermine the point of postal voting. Note also that verifying signatures on the form doesn't do anything to tackle intimidation and coerced bloc voting, and still leaves us with a system which encourages party workers inhabiting the grey area between 'helping' voters with their forms and hijacking them to step over the (actually very fuzzy) line.

Younger cites Northern Ireland as an example of the successful introduction of stricter ID rules in balloting. There, voting fraud was viewed as a problem and was tackled via the Electoral Fraud Act 2002, which required personal identification from voters, and that individuals (rather than heads of household) complete their own application forms. Photo driving licences were also introduced first in Northern Ireland as a sort of localised ID card. Younger's enthusiasm for the Northern Ireland solution is not however likely to be shared by politicians. In his view the system has worked well and has been largely accepted by the public, however the introduction of stricter regulations in Northern Ireland to combat fraud also led to a substantial drop in the number of registered voters, precisely the opposite of what the Government wants from postal and electronic voting.

Rave Guardian has been developed both by and for students
A system that tracks students through their mobile phones is among the new technologies being developed to help improve security at America's universities - something increasingly of concern since the tragic events at Virginia Tech in April.
College officials are increasingly looking to technology, from automated building lockdowns to campus-wide text messaging, to respond to campus emergencies.

One of the applications that is being pioneered to help is Rave Guardian - invented after research found that phones are one of the primary tools students use to keep safe.

Rave Guardian allows the student to set a timer - for perhaps half a hour, when they leave their friends' dorm room to go back to theirs. If they return safe they can simply turn off the alarm.

"If something did happen, it would transmit their location every three minutes - including their profile - to campus safety," Rodger Desai, president and CEO of the New York based company Rave Wireless, told BBC World Service's Digital Planet programme.

"So the user pops up on a Google map, wherever they are in the country, and campus safety knows that something may be wrong."

Student coders

Rave Guardian is part of a software package known as Rave Campus. The system is currently used by 25 campuses, but the company hopes to be in 70 by the end of the year.

New security systems are also being tried to improve response times
Rave Campus relies on Global Positioning Satellite (GPS) data for most of its applications to work - such as a "kit" for universities so that students can track the shuttles and buses as they move around the campus.

"You can pull up a map and see exactly where the buses are in real time," Mr Desai said.

"That way, you can save time and not wait for buses - but also, in terms of a safety point of view, if it's two o'clock in the morning and you're waiting for a bus, it's probably best if you know where the bus is before you wait outside alone."

The software has also been developed with the idea of handing it over to the universities to develop in their own way.

"We want to make sure the universities have value immediately for the students," Mr Desai said.

"The main premise is that it becomes a platform so that the university - and the students and community - can create their own applications with our interfaces."

One such development has been a way of inputting data from webcams on parking spaces, to see how many spots may be available before they set out for their journey.

Community tool

But Mr Desai also stressed that using the software for distance-learning is key.

"Things like podcasting and videocasting are becoming big requirements," he said.

"Students find it very fascinating. We did a small trial where half the students found they would listen to the same lecture again later as a podcast while they were working out, for example."

Mr Desai also explained that he is hopeful Rave Campus can go global - and possibly beyond education too, in places where the mobile phone is even more important in bringing communities together.

"Communities are beyond higher education," he said.

"We get questions from our mobile operator partners about whether we can do hospitals and military bases and cities in general.

"So I think there's a lot of interesting possibilities for the future - but I think we're completely committed to higher education at the moment."