Articles: Identity cards and numbers

Govt proposes to scrap home address disclosure for DC candidatesThe 2015 nominations
South China Morning Post, 12-Oct-2019
There's no need to know the exact address, but voters have a right to know whether the candidate lives in their constituency or District or neither, as many DC's don't. So at least disclose that. We should also know exactly who is running. Without an address, that becomes harder, so instead publish HKIDs so we can check their directorships and other info without guessing which Chan Chi-Keung or John Doe is running. In the meantime, since it is public anyway, we include a link to the 2015 nominations in the Gazette.
The way we use Social Security Numbers is absurdOur 2010 article
FiveThirtyEight, 15-Oct-2015
This article covers the abuse of the US SSN as an authenticator. Hong Kong has similar problem - many organisations treat your HKIC number as a password rather than an identifier. The solution, as we said in 2010, is to give fair warning and then publish the whole list of ID numbers with corresponding names, so that nobody treats them as passwords afterwards.
HKT's abuse of ID numbers
Your ID number is not a password; so many firms and people know your identity - but dominant land-line provider HKT Ltd (6823) is using it that way to access your phone bills. HKT: Here to Cut Corners. (9-Sep-2014)
Webb on the "1 2 3 Show" re HKID cardsHKID check digit generator
RTHK, 2-Sep-2014
Start at the 15:20 mark.
SHKF's abuse of HKID numbers
Next in our series on the abuse of HKID numbers as passwords comes stockbroker Sung Hung Kai Financial, which uses them to "secure" e-mailed statements. (19-Dec-2013)
Citibank's abuse of HKID numbers
We urge another bank to cease and desist from treating the HKID as a password. (18-Dec-2013)
CCB Asia's abuse of HKID numbers
Time to start embarrassing service providers into stopping the abuse of HKID numbers as authenticators or passwords. We start with China Construction Bank (Asia) Corp Ltd. (26-Nov-2013)
LCQ10: Smart identity card
HK Government, 15-May-2013
Government calls the current card "effective". It isn't. When we renewed our e-Cert in Jan-2013, we received a 2048-bit certificate, but then Hongkong Post told us "the current Smart ID card is not capable of storing the 2048 bits e-Cert". So we had to send it back and downgrade to the older 1024-bit e-Cert, which is 2^1024 times less secure. The system is obsolete, but Government is only "planning to conduct a study" - not even conducting one. We suppose that is better than "planning to plan to conduct a study".
HKIDs and Government secrecy
Webb-site calls on Government to abandon plans to restrict access to HKIDs, and instead to promote their use as unique identifiers of individuals and eliminate their misuse as authenticators. A media exemption would imply media controls. We launch an index of HKIDs which are already on the web. The Companies Registry and Land Registry should tear down the pay-wall and provide open online access to all documents. (12-Feb-2013)
Your ID number is not a password
There is a common misconception that HK identity card numbers are secrets, a misconception that Government is promoting by its policy actions, putting us on the road to increased abuse of the HKID and higher economic losses from fraud. To prevent this, the register of ID numbers and names should be published, after a transition to allow commercial abusers to stop abusing the ID for authentication. This article also looks at the unfulfilled potential of the Smart ID Card, including biometric authentication and electronic money. (8-Nov-2010)

Sign up for our free newsletter

Recommend Webb-site to a friend

Copyright & disclaimer, Privacy policy

Back to top