ID cards, Hack, RFID, Home Office, Biometrics, Conservatives
The Home Office has said it is considering enlisting IT companies to test the security of its ID cards, but still refuses to meet a researcher who claims to have created a fake that would bypass security procedures.
Last week, RFID security expert Adam Laurie said he had found a way to hack into the chips on the ID card, and that a series of offers to demonstrate the crack had been rebuffed by the Home Office.
On Friday, the Home Office said that while it will not accept such submissions from individuals, it is considering how the security industry could contribute to tightening ID card protections.
"The Home Office is considering ways to engage with the industry to show that we have a 'gold standard' card which cannot be changed, modified or cloned," the spokesperson told ZDNet UK.
However, Laurie said his demonstration shows it is possible to copy and modify the personal data on an ID card chip, including biometrics, to produce a new chip that would fool security checks.
On Wednesday, the Home Office again refused to see the demonstration, according to investigative journalist Steve Boggan, who has been trying to broker a meeting between Laurie and the government department.
The Home Office said it had declined on the grounds that it did not want to be overwhelmed by individuals wishing to demonstrate ID card cracks.
"We do not believe an individual dialogue in this form is the most productive way forward in this regard," the department's spokesperson said.
The refusal to meet is a sign of the government's reluctance to acknowledge flaws in its ID card plan, Conservative shadow home affairs minister James Brokenshire said.
"The government seems determined to ignore criticisms of its costly and unnecessary ID card scheme," Brokenshire said in a statement. "This is typical of the government's cavalier attitude towards the safety of people's personal data. It should have listened to the Conservatives and scrapped the ID card scheme."
The Home Office is confident the cards will be hard to copy or modify and that the cryptography on the cards is robust, its spokesperson said.
"The identity card includes design and security features that are extremely difficult to replicate," said the spokesperson. "Furthermore, the card readers we will deploy will undertake chip-authentication checks that the card [Laurie] claims to have produced will not pass."
The government department declined to give any more detail about how and when it will speak to security experts about testing ID card security.
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Membership FAQ
Hi Jake, I like your definition. I would add "Free to support, in whatever way you see fit and appropriate, or not." jw
56 minutes ago by J.A. Watson on Free Software Definition condensed
From what I've read here and elsewhere Viacom stands to lose very heavily from this spat. They have already lost all public credibility since it...
2 hours ago by Tezzer on Google, Viacom trade blows in YouTube copyright spat Still finding it difficult to get around the site. Some articles/comments seem to have reply links and some don't - only a link to the poster.
2 hours ago by Tezzer on ZDNet UK: faster, smarter, still IT all the way Unfortunately the real problem here is that a very small number of very big companies want to make a great deal of money out of this. Every house...
2 hours ago by Tezzer on It's high time we had a manifesto for fibre
this spam bot is exasperating
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband :D I think the server exchange does slow down a bit round 5 to 7/8 pm but I find I mostly get 3 to 4 MBps on downloads and by that time there...
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband night before last
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband 5MBps, I saw 5.8
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband honestly I do get
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband thank you for the support. ..but in
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband if you download a BIG file from the MS site then THAT is your *true* speed.
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband Hi Fat Pop Do Wop!
7 hours ago by dava4444 on I'd Rather Have a Bigger Byte Than a Little bit...Broadband it filters the word 'aittude' mis spelled intentionally
7 hours ago by dava4444 on How to build a GUI for a toaster but with a fair amount of work, possibly. God Bless Dava
7 hours ago by dava4444 on How to build a GUI for a toaster But I think Googles idea could be developed into an able paradigm. right now, no.
7 hours ago by dava4444 on How to build a GUI for a toaster took there repos down for Ubuntu (I think there back now but they took a few months). I don't think there is a perfect answer,
9 hours ago by dava4444 on How to build a GUI for a toaster but the community coding and ideas would be gratis, maybe that's why OEM's can be 'slackers' when it comes to Linux. they just sit back and let...
9 hours ago by dava4444 on How to build a GUI for a toaster continued the bad point about that is hardware, a rival OEM can take your development and use it themselves and to retaliate you would have to go...
9 hours ago by dava4444 on How to build a GUI for a toaster continued Okay how about something like Google's approach 'semi-open source'? . the OEM pours cash in to development and code, whilst opening it...
9 hours ago by dava4444 on How to build a GUI for a toaster Hi Adrian em, interesting, yeah okay I can get this vibe, if I wanted VRec on my Tele I would need an embedded and tiny OS and you're totally...
9 hours ago by dava4444 on How to build a GUI for a toasterFor multi-store outlets, including retail, banking, grocery, gas, hospitality, convenience stores and others, reducing (or avoiding) the cost of in-store system support and maintenance while maintaining compliance with PCI and other requirements has become a strategic challenge.
Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc. As Enterprises are increasingly connected to the Internet and as hard organizational boundaries are fast disappearing, security professionals are facing fresh challenges in Enterprise computing.
This tutorial is for new MindManager users and teaches you how to get started, by creating maps, reading maps and organizing your information.
Talkback
"On Friday, the Home Office said that while it will not accept such submissions from individuals, it is considering how the security industry could contribute to tightening ID card protections.
CA 14 Aug 09 18:00 Reply"The Home Office is considering ways to engage with the industry to show that we have a 'gold standard' card which cannot be changed, modified or cloned," the spokesperson told ZDNet UK."
So the government is not willing to listen to individuals further more they are looking for opportunist security firms to placard there failed attempt with a crap meaningless seal of approval, or some might say there looking for scape goats to blame when the inevitable hits the fan.
Listening to individuals is exactly what they need to be doing because it will be individuals that crack your card right open, and some will not be as forth right as the one who has already approached them with offering possibility of a solution.
One thing I learned about our glorious civil service is that they place a value on advice in direct proportion to the about they paid for it. Free advice is worth nothing to them and they treat it with utter contempt.
Andrew Meredith 17 Aug 09 12:29 ReplyTo start to treat them with utter contempt and skip a payment or two on our annual tax bills.
CA 19 Aug 09 22:38 Reply