The database behind the ID card scheme faces risks such as leaks by insiders, misuse by police forces and loss of integrity during the handover between outgoing and incoming technology providers, the identity commissioner has warned.
Sir Joseph Pilling (pictured), who is charged with monitoring the implementation of the National Identity Scheme, said on Thursday that Identity and Passport Service employees or contractors could compromise personal data in the National Identity Register in the future, either through error or being bribed by criminals.
"[There is a concern] the data will be vulnerable to people who are stupid or corrupt, either within the organisation or in one of the contractors," Pilling told ZDNet UK. "Fool-proofing corruption is not easy."
The Home Office responded by saying that access to the register will be controlled and audited to see who had accessed the data.
"The National Identity Register will be held within a secure repository and accredited to industry standards," said a Home Office spokesman. "Viewing of the register will be subject to strict access controls, and will be audited."
The National Identity Register will hold fingerprint information and personal details including name, address and National Insurance number. The technology behind the register is currently provided by Thales, but it will hand over to IBM, whose contract to provide technology starts in 2012.
Pilling spoke to ZDNet UK ahead of the publication on Friday of the First Annual Report by the Office of the Identity Commissioner, his first report to parliament. The commissioner said he is satisfied with the National Identity Scheme so far.
Its future and that of the database behind it hinge upon the results of the next general election, as the Conservatives have pledged to scrap the scheme should they win. If the scheme goes ahead, the issue of tight regulation of data sharing with other bodies will also need to be scrutinised, according to Pilling.
"Over the question of data sharing, there is quite a lot of understandable public concern," Pilling said. "Not concerning the unintentional transmission of data, but concern over the sharing of data with other organisations within the legal framework."
The sharing of biometric data with police forces, including the Serious Organised Crime Unit (Soca), has been raised by the public, he said. Certain people who have done nothing wrong are concerned that fingerprints they have provided for one purpose would be used for a different purpose.
Pilling gave the example of a general trawl of the National Identity Register for fingerprint information.
"If [the police] were investigating a series of rapes [a trawl could be understandable]. But suppose they were investigating something much less serious and go on a fishing expedition through personal data," said Pilling. "There could be a debate as to whether that information should or shouldn't be shared."
The Home Office spokesman said police forces will not have unlimited access to the database and will have to request specific data from IBM rather than trawl for data.
He added that the government department is working with Thales and IBM to ensure the integrity of the data.
Commenting on the upcoming handover between the two companies, Pilling said he was concerned about the transition of the technology from one company to the other. In particular, he highlighted the accurate transferral of data from a smaller to a larger database.
"There are issues around the arrangements for the transition," he said. "The technology Thales has provided will deliver up to a certain number of IDs, while the transition to IBM is still being worked on. Obviously I'll be concerned about the integrity of the data."
The use consumers can make of ID cards will also be kept under review. Pilling said that "a few more than two" people had already been turned away by officials when they tried to use ID cards rather than passports to leave the UK. Part of the Home Office rationale for the identity scheme is that ID cards can be used as travel documents.
In the instances where travellers with ID cards have been turned away, the problem had been with miscommunication within the companies in charge of checking documents, according to the Home Office spokesman. He said the Identity and Passport Service had disseminated information about acceptance of ID cards to those companies.
Talkback
Remember the first twin towers bomber illegally falsified personal records & killed anyone who could show this.
He trained on explosives here in Swansea being able to speak English badly but had the 'ID', so was never challenged, of an English language lecturer.
ID is a danger eliminating common sense.
I have just arranged and paid for flights but am not flying myself. In order to validate this arrangement I have, to all intents and purposes, given away my identity.
It strikes me that this this highlights the weakness of increasingly aggressive identity and validation schemes. Your ID is all over the place, secure or otherwise, arguably no longer your own.
I do not trust this 'government' with so much personal data. They have been shown in the past to have an extremely sloppy approach to data protection. Additionally, their record with large IT projects is abysmal - why should this be any different? Finally, when it does go wrong, and it will, I imagine some people's lives will be severely disrupted until the errors are put right - I recommend a viewing of the film 'Brazil'.