GT200 bomb detector
fraud and Smart ID cards
Don Sambandaraksa
on how these cases are similar
By Jon Fernquest 
A
student once told me they wanted to write their research report on smart ID
cards in
Thailand. I told them they should read Don Sambandaraksa's articles on the subject in the Bangkok Post.
The student wouldn't really understand what was going on with smart id cards in Thailand unless they read his articles.
The articles told a sad story of bureaucratic incompetence, a dangerous story for journalists to tell.
If a journalist makes a government official unhappy, the reasoning goes, they will lose that official as a source of information and without access to information how can a journalist continue working as a journalist? (Investigating Local Governments: A Manual for Reporters (2001) by the Philippine Center for Investigative Journalism, describes this beautifully, pages 43-50, not aware of any study of this reality in Thailand).
Today's article shows you how decision-making happens in government committees. The following comment by a government official about the smart ID cards is particularly telling:
"They are compliant, as the committee voted them as compliant."
What the committee says is the truth without accountability or the need to explain or one's actions, basically a justifylaw or truth unto themselves.
Today's article begins after the vocabulary:
smart cards - a
card with a computer chip inside of it which can store and process
information, used for applications such as identification, healthcare ,
computer security and for financial transactions (See Wikipedia)
smart ID cards - a national or company ID card that uses smart card technology inside of it
bureaucracy (noun) - all the government departments with the officials and civil servants that work within them
bureaucrat (noun) - a person working in a bureaucracy
bureaucratic (adjective) - typical behaviour in a bureaucracy: slow, thorough, following all the rules to the letter
competent (adjective) - able to perform a task correctly
competence (adjective) - not able to perform a task correctly
incompetence (noun) - the state or condition of not being able to perform a task correctly
...the reasoning goes,... - ...this is how it is explained by people...
source of information - a place where you get information
access to information - being able to get information
is particularly telling - shows you what is happening in truth
compliant - doing what the rules or standards say you must do
committee - a small group in a large organisation that meets to check and invetigate issues and make decisions
accountability - when you have to explain your actions and decisions to other people (hopefully the people you are serving)
justify - give reasons for doing something
a law or truth unto ourselves - what they is right or true, by definition, no need to explain
smart ID cards - a national or company ID card that uses smart card technology inside of it
bureaucracy (noun) - all the government departments with the officials and civil servants that work within them
bureaucrat (noun) - a person working in a bureaucracy
bureaucratic (adjective) - typical behaviour in a bureaucracy: slow, thorough, following all the rules to the letter
competent (adjective) - able to perform a task correctly
competence (adjective) - not able to perform a task correctly
incompetence (noun) - the state or condition of not being able to perform a task correctly
...the reasoning goes,... - ...this is how it is explained by people...
source of information - a place where you get information
access to information - being able to get information
is particularly telling - shows you what is happening in truth
compliant - doing what the rules or standards say you must do
committee - a small group in a large organisation that meets to check and invetigate issues and make decisions
accountability - when you have to explain your actions and decisions to other people (hopefully the people you are serving)
justify - give reasons for doing something
a law or truth unto ourselves - what they is right or true, by definition, no need to explain
Tech News
OPEN Thought
Stating the obvious: The GT200 is a fraud
10/02/2010Don Sambandaraksa
It's the emperor's new clothes all over again. The GT200 is a fraud, but why are people so scared to say it.
As Nectec begins to test the GT200 dowsing bomb-detector divining rod, spare a thought to what happened back in 2005 when the centres was called in by the Prime Minister to resolve a disagreement between the ICT Ministry, who procured 12 million smart ID cards, and the Interior Ministry, who were to use the unusable cards as delays mounted in building a system around those cards.
emperor's new clothes -
a story about "two weavers who promise an Emperor a new suit of clothes
invisible to those unfit for their positions or incompetent. When the
Emperor parades before his subjects in his new clothes, a child cries
out, 'But he isn't wearing anything at all!'" (See Wikipedia)
it's Y all over again - it is like event Y is happening again
obvious - clear; easy to see, recognise or understand ชัดเจน
fraud - the crime of international deceiving someone or cheating in order to gain an advantage or benefit การฉ้อโกง การหลอกลวง เล่ห์เพทุบาย
detector - a device used to find particular substances or things, or measure their level เครื่องตรวจจับ
spare - something not being used yet (so available to be used for something else)
spare a thought... - please take some time to read and consider this....
resolve - to solve a problem, or to find a satisfactory way of dealing with it แก้ไขปัญหา
delays mounted - delays increased
it's Y all over again - it is like event Y is happening again
obvious - clear; easy to see, recognise or understand ชัดเจน
fraud - the crime of international deceiving someone or cheating in order to gain an advantage or benefit การฉ้อโกง การหลอกลวง เล่ห์เพทุบาย
detector - a device used to find particular substances or things, or measure their level เครื่องตรวจจับ
spare - something not being used yet (so available to be used for something else)
spare a thought... - please take some time to read and consider this....
resolve - to solve a problem, or to find a satisfactory way of dealing with it แก้ไขปัญหา
delays mounted - delays increased
In June 2005, the project to issue Smart ID Cards made headlines after the National Electronics and Computer Technology Centre, an agency under the National Science and Technology Development Agency, Ministry of Science and Technology, was called in to conduct a fact-finding study into the project, which at the time lay in tatters.
The ICT Ministry, charged with procuring the cards, and the Ministry of Interior (MoI), who were issuing and using them, were blaming each other for technical problems that had resulted in serious delays in the IT mega project.
issue
- to give or provide something official แจกจ่าย
made headlines - was important news in the newspaper
National Electronics and Computer Technology Centre (NECTEC) -
conduct - to do something in an organised way; to carry out
lay in tatters - was ruined (like old ripped clothes)
procure - buy, get (the formal process of searching for and buying things in a large organisation or company)
charged with procuring... - given the job of searching for and buying...
issuing - officially giving something to people ออกคำสั่ง
made headlines - was important news in the newspaper
National Electronics and Computer Technology Centre (NECTEC) -
conduct - to do something in an organised way; to carry out
lay in tatters - was ruined (like old ripped clothes)
procure - buy, get (the formal process of searching for and buying things in a large organisation or company)
charged with procuring... - given the job of searching for and buying...
issuing - officially giving something to people ออกคำสั่ง
The Nectec report found the cards sub-standard and non-compliant with the ToR on at least four key points. However, the ICT Ministry's own 10-person committee conveniently ignored the Nectec report and pronounced the cards compliant in a 5-3 vote. There was one abstention, one resignation and the representatives from the MoI, Nectec and the ICT Ministry's own legal affairs officer all voted the cards as non-compliant, but to no avail.
standard - an
acceptable level of quality or achievement
sub-standard - failing to meet acceptable levels of quality or achievement
compliant - doing what the rules or standards say you must do
non-compliant - has not done what rules or standards say you must do
Terms of Reference (ToR) - limits set on what someone has been asked to do (how the scope of a project will be defined, developed, and verified) (See Wikipedia)
key - most important ที่สำคัญ
pronounced - declared, said officially
abstention - choosing not to vote on something
resignation - the act of leaving a job permanently ลาออกจากตำแหน่ง
affairs - events and activities relating to the government, politics, economy etc of a country, region, or the world ความสัมพันธ์ระหว่างประเทศ
legal affairs officer - the person in an organisation who deals with the law and legal issues
to no avail - were not successful (when they tried to do something)
sub-standard - failing to meet acceptable levels of quality or achievement
compliant - doing what the rules or standards say you must do
non-compliant - has not done what rules or standards say you must do
Terms of Reference (ToR) - limits set on what someone has been asked to do (how the scope of a project will be defined, developed, and verified) (See Wikipedia)
key - most important ที่สำคัญ
pronounced - declared, said officially
abstention - choosing not to vote on something
resignation - the act of leaving a job permanently ลาออกจากตำแหน่ง
affairs - events and activities relating to the government, politics, economy etc of a country, region, or the world ความสัมพันธ์ระหว่างประเทศ
legal affairs officer - the person in an organisation who deals with the law and legal issues
to no avail - were not successful (when they tried to do something)
Democracy prevailed and the cards were compliant because the committee voted them as such, despite over-whelming scientific evidence to the contrary.
The four points identified by Nectec were that the 12 million cards were not Java-compliant; did not have any working PKI (public key infrastructure)encryption; did not have the required 32 KB of available memory; and could not safely add or remove applets without affecting other applets.
prevailed - won (was
dominant or most common in the end)
evidence - information that is used to prove something หลักฐาน
contrary - completely different or opposed to something else ตรงข้าม
overwhelming - so much you cannot resist it (examples: they won the legal case because of overwhelming evidence, they won the war with overwhelming force)
over-whelming scientific evidence to the contrary - there was very convincing scientific evidence that it was not true
identified - named ระบุชื่อ
PKI (public key infrastructure) - a combination of software, encryption technologies and services that enables organizations to protect the security of their electronic communications and on-line transactions in an insecure public network like the internet (See Wikipedia)
encryption - turning ordinary language into a secret code to protect and conceal it (See Wikipedia)
memory - something that you remember from the past; the ability to remember information, experiences and people ความจำ
remove - to take something away เอาออกจาก
evidence - information that is used to prove something หลักฐาน
contrary - completely different or opposed to something else ตรงข้าม
overwhelming - so much you cannot resist it (examples: they won the legal case because of overwhelming evidence, they won the war with overwhelming force)
over-whelming scientific evidence to the contrary - there was very convincing scientific evidence that it was not true
identified - named ระบุชื่อ
PKI (public key infrastructure) - a combination of software, encryption technologies and services that enables organizations to protect the security of their electronic communications and on-line transactions in an insecure public network like the internet (See Wikipedia)
encryption - turning ordinary language into a secret code to protect and conceal it (See Wikipedia)
memory - something that you remember from the past; the ability to remember information, experiences and people ความจำ
remove - to take something away เอาออกจาก
The vendor, ST Microelectronics, had supplied a card that had a non-Java, proprietary PKI engine which, while it may have worked, could not be tested, as it required a non-standard programming subroutine to invoke. They argued that the ToR did not explicitly call for official Java PKI, only that a form of PKI be present.
Nectec reasoned that a Java card without a Java encryption engine was not a Java card. Similar arguments ensued for the other points. Memory in particular was clear-cut to many, but not to the polit-bureau.
vendor
- a company that sells something
proprietary - owned by a company which charges for it (example: expensive proprietary software vs. cheap open source software)
tested - put in a difficult situation ถูกทดสอบ
invoke - use
subroutine - a small reusable piece of a computer program that does one task
invoke a subroutine - when a computer program uses a subroutine to do a task in the program
X calls for Y - X says must do Y
explicitly - shown clearly and openly (without trying to hide anything)
bureau - a government organisation, in this case, within the police department สำนักงาน
clear-cut - clear, easy to see, not complicated and messy
polit-bureau - the small group of people who used to rule over Russia in the days of Communism
proprietary - owned by a company which charges for it (example: expensive proprietary software vs. cheap open source software)
tested - put in a difficult situation ถูกทดสอบ
invoke - use
subroutine - a small reusable piece of a computer program that does one task
invoke a subroutine - when a computer program uses a subroutine to do a task in the program
X calls for Y - X says must do Y
explicitly - shown clearly and openly (without trying to hide anything)
bureau - a government organisation, in this case, within the police department สำนักงาน
clear-cut - clear, easy to see, not complicated and messy
polit-bureau - the small group of people who used to rule over Russia in the days of Communism
The card had 66 KB of memory, but only 32 KB was available to the JavaCard applications. However, 4 KB was used for a patch; a bug fix of sorts to help circumvent security to fix the memory management module.
That meant that only 28 KB was left for applications as delivered.
I asked the chairman of the acceptance committee how much 32 minus 4 was. She said: "They are compliant, as the committee voted them as compliant.
JavaCard - (See
Wikipedia)
applications
circumvent security
memory management module
patch - a small area which is different in some way from the area that surrounds it ที่ดิน
bug, a software bug - a problem or error in a program or computer software
bug fix -
a bug fix of sorts -
security - the need to provide safety from attack, harm or damage ความปลอดภัย
acceptance committee - the group of people who decide whether to accept a project as complete (that the government paid for)
applications
circumvent security
memory management module
patch - a small area which is different in some way from the area that surrounds it ที่ดิน
bug, a software bug - a problem or error in a program or computer software
bug fix -
a bug fix of sorts -
security - the need to provide safety from attack, harm or damage ความปลอดภัย
acceptance committee - the group of people who decide whether to accept a project as complete (that the government paid for)
More worrying was the terms of the test. In his initial interview in 2005, then-Nectec Director Dr Thaweesak Koanantakool said the ICT Ministry and ST Micro had refused to give his team access to engineering documents which would have shown who signed off the production run, the memory partitioning and, more importantly, which programmes were installed in the native partition. He also said that during the test, the ICT Ministry had given his team only the minimum amount of time to run the tests and quickly took the card back afterwards.
terms
- conditions; requirements ข้อกำหนด
initial - early; first ในเบื้องต้น
interview - to ask someone questions in a meeting for a newspaper article, television show, etc. The noun form is also interview สัมภาษณ์, การสัมภาษณ์
access - the right or opportunity to have or use something ได้รับสิทธิ์หรือโอกาสในการใช้
signed off -
production run -
partition -
memory partitioning -
native partition -
native - someone who was born in a particular place ชาวพื้นเมือง
partition - a division, separating a country into two or more parts การแบ่งกลุ่ม
initial - early; first ในเบื้องต้น
interview - to ask someone questions in a meeting for a newspaper article, television show, etc. The noun form is also interview สัมภาษณ์, การสัมภาษณ์
access - the right or opportunity to have or use something ได้รับสิทธิ์หรือโอกาสในการใช้
signed off -
production run -
partition -
memory partitioning -
native partition -
native - someone who was born in a particular place ชาวพื้นเมือง
partition - a division, separating a country into two or more parts การแบ่งกลุ่ม
However, Dr Thaweeksak's team did manage to find an EMV module - a Europay Mastercard Visa e-cash module - in the card hidden in the native partition.
Quite why ST Microelectronics provided a card that lacked what was called for in the Terms of Reference and instead provided lots of things that were not called for, such as the e-Money module, no doubt at considerable cost, remains a mystery to this day.
module - computer
software that performs some task
cash - money in the form of notes or coins เงินสด
cash - money เงินสด
considerable - large; of noticeable importance จำนวนมาก
considerable - ค่อนข้างใหญ่
remains a mystery to this day - up to now no one knows what happened and why it happened
cash - money in the form of notes or coins เงินสด
cash - money เงินสด
considerable - large; of noticeable importance จำนวนมาก
considerable - ค่อนข้างใหญ่
remains a mystery to this day - up to now no one knows what happened and why it happened
But back to the GT-200. The BBC's Newsnight programme has run an investigation on what it calls "magic wand" bomb detectors that include the AED-651 and the "almost identical" GT-200.
The BBC took the device to university scientists, who took the device and its substance cards apart only to find that the rod-holding device itself had no electronics all and the expensive substance cards were nothing more than pieces of cardboard with an RFID security tag glued to them to make them look a bit technical
The black box holding the detector card was nothing more than an empty case.
Indeed, the summary was that the GT200 was nothing more than a (15th century) divining rod used by witches to find water.
investigation
- the process of trying to find out all the
details or facts about something in order to discover who or what
caused it or how it happened การตรวจสอบหาข้อเท็จจริง
investigation - the process of trying to find out all the details or facts about something การสอบสวน
device - a machine or piece of equipment that does a particular job อุปกรณ์ เครื่องมือ
device - a machine or piece of equipment that does a particular thing เครื่องจักร
substance - based on accurate or true information มีมูล
empty - having nothing inside ว่างเปล่า
century - a period of one hundred years ศตวรรษ
investigation - the process of trying to find out all the details or facts about something การสอบสวน
device - a machine or piece of equipment that does a particular job อุปกรณ์ เครื่องมือ
device - a machine or piece of equipment that does a particular thing เครื่องจักร
substance - based on accurate or true information มีมูล
empty - having nothing inside ว่างเปล่า
century - a period of one hundred years ศตวรรษ
Later, the UK business secretary slapped an export ban on the GT200 / AED 651 to Afghanistan and Iraq to protect the lives of British servicemen and the managing director of its maker was arrested on charges of fraud.
Makes one wonder why many politicians and specialists, as well as army people in Thailand, seem to be rallying behind the GT200. Should we not focus on the lives of the army personnel and villagers being blown up daily in the South rather than play political brinkmanship.
The device is a fraud. I fully expect my capable friends at Nectec to say it is a fraud, as much as I expect the Nectec report to find its way through committee after committee and a few years later, when dozens more have died from explosions, for a bureaucratic committee somewhere to vote it as being a proper bomb detector.
ban
- to say officially that people must not do, sell or use something
การประกาศห้าม
brinkmanship
capable - able to do something; very good at a job มีความสามารถ
bureaucratic - relating to government departments or officials เกี่ยวกับระบบราชการ
proper - actual or real จริง (พระราชพิธีพระราชทานเพลิงพระศพจริง)
brinkmanship
capable - able to do something; very good at a job มีความสามารถ
bureaucratic - relating to government departments or officials เกี่ยวกับระบบราชการ
proper - actual or real จริง (พระราชพิธีพระราชทานเพลิงพระศพจริง)
Of course, democracy is everything in this country and voting for an empty box with a wiggly diving rod attached as a bomb detector device makes it one. Besides, the blown-up soldiers and villagers who would argue otherwise are conveniently dead and thus do not get a say on the voting committee.
Why is society so scared of pointing out the obvious, that the emperor remains naked.
naked
- not wearing any clothes
(Source: Bangkok Post, Stating the obvious: The GT200 is a fraud, 10/02/2010, Don Sambandaraksa, link)
