Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

TSSI opposes eGovernment use of UK ID cards

TSSI Systems : 31 October, 2008  (Technical Article)
Extension of UK ID card scheme to span government departments leads to increased possibility of abuse according to TSSI Systems
Following a speech by a senior Government security expert linked to GCHQ, in which he dismissed claims that ID cards will help the fight against terrorism as 'absolute bunkum' and stated that their real purpose is to assist eGovernment, identity experts TSSI systems said that such an extension of UK ID cards makes the scheme vulnerable to abuse.

"Extending the ID card scheme across other government services will make it vulnerable to abuse," said Stewart Hefferman, COO, TSSI Systems. "It's clear now that the government all along intended to link the ID card scheme into its other services. I've been concerned about such an extension of ID card use since they were very first announced."

"The big concern with ID verification is impersonation. Unfortunately, the Government's ID card scheme does not go far enough to address this problem - and linking the NIR into a variety of different databases, all accessible by various government employees - further exacerbates the problem."

"The two main weaknesses are firstly, an over-reliance on biometric security, and secondly, the preference for centralised data storage. Together these leave the ID card system vulnerable to cloning."

Harvey Mattinson, a senior consultant for CESG, the arm of GCHQ which advises government agencies on data security, made his comments in a speech at the Society of Information Technology Management annual conference. In addition, a presentation by identity minister Meg Hillier at the Biometrics Conference 2008 last week showed ID cards playing a part in accessing public services from 2015, including maternity allowance, tax returns, TV licences and incapacity benefit.

"Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud - despite strong encryption, the Dutch biometric passports were cracked soon after launching. Unfortunately, there is no such thing as a 100% secure solution - and saying you've got one is an open invitation to hackers! All you can do is minimise the risk as far as possible."

"What's needed if the ID card scheme is to work, is a belt and braces approach. Storing the biometric data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel - and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card."

"The way the information is stored and structured needs to be carefully implemented to avoid sowing the seeds of disaster!"

"Storing this data centrally and then linking this into a variety of databases is a security concern. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves - thus still within the possession of the individual."

'If it is stored centrally, then the biometric data must be stored separately from any other personal data. This would make it harder for any hacker to join up the dots and steal someone's identity or clone a card."

"I also strongly advise that back-end systems enable an audit trail of those personnel who have accessed individual records on those back end systems."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo