Manchester ID cards raise risks to personal data security

(07/05/2009)

Home Secretary Jacqui Smith has announced plans to introduce optional ID cards for Manchester citizens from Autumn 2009. All passport holders aged 16 and over will be able to apply for an ID card through their local post office, pharmacy or retailer at an introductory cost of £30.

Whilst there has been widespread condemnation over the total cost of the scheme, security experts are warning of the potential risk to personal data security.

Jamie Cowper, Director of Marketing EMEA, at PGP Corporation, has made these comments: “The purpose of ID cards is to increase security in the UK, but they may in fact have the opposite effect. Post offices, pharmacies and shops are certainly convenient places to apply for a card, but the public will need to be convinced of their security credentials before handing over their personal details for processing.

“Even if these high street outlets can prove they are able to process and record this data in a highly secure manner, there remains serious concern about how all this information will be centrally stored by the Government. Given the numerous public sector data breaches of late, the public is fully justified in expressing unease about these proposals.

“Ultimately if this trial is to be rolled out nationwide it is absolutely essential that the Government quashes these fears, deploying proven technology such as encryption to protect citizen data. This is the only way to keep personal data absolutely safe. Even if sensitive information falls into the wrong hands, as long as it’s encrypted it cannot be read by unauthorised parties so will remain secure.”

TSSI has branded the new government-led ID card scheme to launch in Manchester as premature. “The scheme works on the assumption that people will apply on a voluntary basis although it is not entirely clear what the real benefits to members of the public are,” said John Barker, General Manager, TSSI Systems Ltd.

“It is estimated that the ID cards will cost between £30 and £60 to produce at a time when the government is focused on curbing public spending. Advocates of the scheme point to the benefits of personalised public services, but this will rely on the appropriate supporting systems being in place which could take up to five years.”

“The estimated cost of the project to the Home Office is about £5 billon, but Dr Whitley of the London School of Economics estimates that the last four years has already seen astronomical costs of between £10-20 billion. So it seems to me as though the government has bitten off more than it can chew."

“One of the arguments for the introduction of ID cards is that they can help combat impersonation, ID theft and fraud. However, the Government’s proposed ID card scheme does not go far enough to address this issue. Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud. For example, the Dutch biometric passports were cracked soon after launching, despite strong encryption. Unfortunately, there is no such thing as a 100 per cent secure solution – and saying you’ve got one is an open invitation to hackers! All you can do is minimise the risk as far as possible.”

“What’s needed if the ID card scheme is to work is a belt and braces approach. Storing the data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel - and therefore any successful hackers - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card. However, this method of encryption goes beyond the scope of the ID cards currently proposed.”

“With the projected cost of the scheme seemingly escalating and potential gaps in the security of the technology, is this really the right time to launch?”

Related topics:  Data management and data security   Encryption   Eye biometrics   Fingerprint biometrics   ID card 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources