Storing personal biometric data on a CIS database could spell disaster for the UK public

(08/10/2009)

Millions of UK citizens' identities could be jeopardised if the UK Government goes ahead with plans to store biometric data on the Customer Information Service (CIS) database.

John Barker, managing director, TSSI, commented: "Storing personal biometric data on a database which is accessible to 140,000 users would have spelled disaster for the UK public. It would present an open invitation to anybody wanting to impersonate the IDs of millions of people."

"Only recently has it been revealed that council staff accessed the database to look up personal records and if they had access to biometric data as well, they would have been able to replicate these people’s identities. If the biometric data is stored in the same place as other personal information a hacker can simply join the dots and match this to the personal data and clone a person’s ID in one hit."

"What is needed if the ID card scheme is to work, is firstly, a belt and braces approach. Storing citizens’ biometric data in a separate place to other personal information, i.e. not on the CIS, and as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised council personnel – and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card."

Related topics:  Eye biometrics   Face biometrics   Fingerprint biometrics   ID card 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources