The Home Office has said it is considering enlisting IT companies to test the security of its ID cards, but still refuses to meet a researcher who claims to have created a fake that would bypass security procedures.
Last week, RFID security expert Adam Laurie said he had found a way to hack into the chips on the ID card, and that a series of offers to demonstrate the crack had been rebuffed by the Home Office.
On Friday, the Home Office said that while it will not accept such submissions from individuals, it is considering how the security industry could contribute to tightening ID card protections.
"The Home Office is considering ways to engage with the industry to show that we have a 'gold standard' card which cannot be changed, modified or cloned," the spokesperson told ZDNet UK.
However, Laurie said his demonstration shows it is possible to copy and modify the personal data on an ID card chip, including biometrics, to produce a new chip that would fool security checks.
On Wednesday, the Home Office again refused to see the demonstration, according to investigative journalist Steve Boggan, who has been trying to broker a meeting between Laurie and the government department.
The Home Office said it had declined on the grounds that it did not want to be overwhelmed by individuals wishing to demonstrate ID card cracks.
"We do not believe an individual dialogue in this form is the most productive way forward in this regard," the department's spokesperson said.
The refusal to meet is a sign of the government's reluctance to acknowledge flaws in its ID card plan, Conservative shadow home affairs minister James Brokenshire said.
"The government seems determined to ignore criticisms of its costly and unnecessary ID card scheme," Brokenshire said in a statement. "This is typical of the government's cavalier attitude towards the safety of people's personal data. It should have listened to the Conservatives and scrapped the ID card scheme."
The Home Office is confident the cards will be hard to copy or modify and that the cryptography on the cards is robust, its spokesperson said.
"The identity card includes design and security features that are extremely difficult to replicate," said the spokesperson. "Furthermore, the card readers we will deploy will undertake chip-authentication checks that the card [Laurie] claims to have produced will not pass."
The government department declined to give any more detail about how and when it will speak to security experts about testing ID card security.
Talkback
"On Friday, the Home Office said that while it will not accept such submissions from individuals, it is considering how the security industry could contribute to tightening ID card protections.
"The Home Office is considering ways to engage with the industry to show that we have a 'gold standard' card which cannot be changed, modified or cloned," the spokesperson told ZDNet UK."
So the government is not willing to listen to individuals further more they are looking for opportunist security firms to placard there failed attempt with a crap meaningless seal of approval, or some might say there looking for scape goats to blame when the inevitable hits the fan.
Listening to individuals is exactly what they need to be doing because it will be individuals that crack your card right open, and some will not be as forth right as the one who has already approached them with offering possibility of a solution.
One thing I learned about our glorious civil service is that they place a value on advice in direct proportion to the about they paid for it. Free advice is worth nothing to them and they treat it with utter contempt.
To start to treat them with utter contempt and skip a payment or two on our annual tax bills.