Security expert Bruce Schneier has slated the UK's ID card scheme, saying that not only will it not solve e-crime, it will also make ID theft worse.
The security guru told ZDNet UK on Wednesday that the risks of implementing a centralised ID card scheme were "severe", with little return on the investment required.
"Having a single ID is much more dangerous [than multiple IDs]," said Schneier. "ID theft is fraud due to impersonation. If you have a centralised ID card, you are making that ID that much more valuable to criminals," Schneier added.
Last month, the House of Lords finally passed the government's ID cards bill. This means that from 2010 UK citizens will be issued with a biometric identification card when they renew a passport. An opt-out will be available until 2010, although citizens will still have their biometric and other personal details entered into the National Identity Register.
Schneier believes that criminals would be willing to pay a premium for stolen IDs because of the perception that single ID provides stronger authentication, and because the cards could be used to authenticate financial transactions in the future. He also rubbished the UK government's claim that ID cards will help in the fight against terrorism, saying the cards can easily be stolen or counterfeited, effectively hiding terrorists' identities.
"ID can be hijacked, and cards can be faked. All of the 9/11 terrorists had fake IDs, yet they still got on the planes. If the British national ID card can't be faked, it will be the first on the planet," Schneier said.
Schneier's comments echo criticism by Professor Ian Angell of the London School of Economics, who labelled the scheme "a diabolical shambles" in February.
Merlin, Lord Erroll, speaking at the Infosecurity conference on Tuesday, also criticised the scheme for the amount it would cost, saying the money could be better spent on security schemes that focused on e-crime and criminals, rather than a blanket ID card that also logged the details of innocent people.
"You consider the millions [of pounds] to sort out ID cards. It will cost £584m a year towards an ID card that has not been proven. I could solve a lot of security problems with £584m," said Erroll in a keynote speech.
Erroll questioned the Home Office motives for the scheme, saying that central government ultimately wanted to use the cards to control the public.
Erroll also said that the proposed national identity register would be a prime target for criminals wishing to buy ID, and said it is a certainty that criminals would succeed in this as they would be willing to pay huge amounts to the unscrupulous, or could target the beliefs of the idealistic.
"At the end of the day, people can be seduced too easily. Most people have their price, or they have their ideals," said Erroll.
Talkback
I can't wait until they tie this in with the NHS, so that unless they can verify who you are, you don't get treated, should be fun when the database crashes just after a major incident....
I can just imagine the scene when a hospital's civil servant shill enters the waiting rooms of a hospital...
"I'm sorry folks, but even though you've just been involved in a bus accident, and are all going to die if we don't treat you, the database is down and we can't prove you're entitled to care, so please make your way to the exits."
But in all seriousness, his concerns are probably bang on the money with regard to them being used to control people - look at how Labour have consistantly dealt with protests of any sort, hell, look at how protests in the last 25 years have been dealt with by various governments... The future where they have total information awareness and can effectively shut down any protest no matter how trivial at a touch of a button doesn't even bare thinking about.
Also, look at how successful other Government IT projects are (NHS!).
Does the government also think that it will cost as much as they say? They will force IT companies to keep the proposed cost to an artificially low level (they will throw out any bid that is above their "proposed" cost). Once the work is 30 - 40% done the winners of the bid will then have to go back to the government and say that they are not having the project delivered unless they pay £n Billion or tax payers money (obviously this will be accounted for in ways that make the true cost almost invisible!)
I wouldn't worry about it for three reasons
1) With the present shambles the govt might not be in power long enough to implement the scheme
2) It will cost 10 times the estimate like all govt schemes, ie £500bn rather than 50bn
3) When they have to start fingerprinting ordinary people like criminals, expect a BIG backlash.