in memoriam Chris Lightfoot, 1978 – 2007

I am immensely sad to have to report the death of Chris Lightfoot, NO2ID’s system administrator, campaign stalwart and developer par excellence. Chris was found by friends at his flat on 11th February 2007, and his funeral was held last week.

Those of us who knew Chris appreciate how much more than his extraordinary talent for programming he brought to our campaign – and to the other organisations and people with whom he worked. We shall all miss his sharp wit, quick tongue and formidable analytical skills; his wide-ranging, articulate and often highly original contributions; and his passionate commitment to privacy and civil liberties. Chris was a formidable debater and an excellent, amusing and engaging public speaker – but was always happy to muck in with bread-and-butter campaigning tasks like leafletting and manning street stalls.

Chris, more than most, understood how important it is that we should all have the choice of what about ourselves we share with others. His intellectual honesty and keen appreciation of human dignity informed all that he did, and it is no overstatement to say that the whole UK political arena and IT community will suffer by his loss.

His contribution often boiled down to creating something simple that others could, and do, use – or cutting through unnecessary complexity to the heart of the matter. Chris’ analysis of volunteered data most recently allowed NO2ID to demonstrate insecurities in the passport, to which we now hope the authorities will attend. His achievements were often all the more impressive for the speed at which they were delivered; in quick-fire e-mail exchanges, or bursts of coding that convinced many he could type as fast as most normal people can speak.

I’m sure that Chris’s friends and colleagues all agree his work – some of which you may have used without knowing, such as NO2ID’s peer-lobbying tool and TheBigOptOut.org or the mySociety team efforts FaxYourMP (now WriteToThem.com) and PledgeBank.com – will stand as a memorial to his integrity, talent and principles for many years to come.

Rest in peace, Chris.

Phil Booth
National Coordinator, NO2ID

‘Safest ever’ passport is not fit for purpose

Sue Reid writes in the Daily Mail:

They are the “safest ever”, according to the Government. But the Daily Mail reveals today how easily a person’s identity can be stolen from new biometric passports.

A shocking security gap allows the personal details and photograph in any electronic passport to be copied from the outside of the envelope in which it is delivered to homes.

The passport holder is none the wiser when it arrives because the white envelope has not been tampered with or opened.

Using a simple gadget built from parts bought on the Internet, it took the Mail less than four hours to copy the details from one passport.

It had been delivered in the normal way by national courier company Secure Mail Services to a young woman in Islington, North London.

With her permission we took away the envelope containing her passport and never opened it.

By the end of the afternoon, we had stolen enough information from the passport’s electronic chip – including the woman’s photograph – to be able to clone an identical document if we had wished.

This is a demonstration of the “sealed envelope” attack postulated in a Guardian article last year. The December 2006 “Action Plan” confirms that the Home Office still intends ID cards to be usable as passports within Europe – this presumably means they would contain the same RFID chip as the ICAO-compliant passport copied in this attack.