Police chief criticises ID cards scheme

One of the country's top police officers has criticised the government's identity cards scheme, saying it will become a prime target for hackers.

Colin Langham-Fitt, acting chief constable of Suffolk Constabulary, slammed the proposed National Identity Register as creating a massive security threat.

Speaking to ZDNet UK at the Government IT Summit on Monday, Langham-Fitt said that criminals would pay unlimited amounts to subvert the national identity database. "In creating a national database you are creating a gold standard for ID [authentication]," said Langham-Fitt. "It will be worth whatever it costs to hack it, to mirror it and subvert it."

Langham-Fitt said that having an ID database would not work as a counter-terrorist measure because terrorists would mask their identities. "We are at risk from insider threats and card cloning. The idea the card can be used to fight terrorism is completely fatuous. This scheme is convenient for government, but not for citizens," said Langham-Fitt.

The police chief said that, if hackers can break into Nasa, then there is no such thing as total security, and that the cost of the scheme (£5.7bn) is "a huge cost to subject people to".

He added that holding suspected criminals' fingerprints indefinitely on linked databases is "a cause for concern", because those people may not be charged with the crime.

But other senior police personnel argued that the database was a useful crime-fighting tool.

Phillip Webb, former chief executive officer of the Police Information Technology Organisation (PITO), said that linking police and identity databases could help to solve unsolved crimes. "The ID database as a super-tool is of huge value to us," said Webb. "Today we have 1.2 million [fingerprint] marks from crimes that we don't know who they belong to."

However, Webb warned that civil liberties could be affected by linking police and identity databases. "Few countries in the western world allow us to keep [fingerprint] information indefinitely," said Webb. "If someone is charged [with a crime], we can keep it, but we can't keep it without a charge."

One senior government IT professional also defended the scheme. John Suffolk, the government's chief information officer, told ZDNet UK that, to enable transformational government, a national identity database was essential (transformational government is the delivery of government services using new technologies, and the use of shared services between government departments). "For shared services and combined contact centres, and, for example, the ability of a citizen to register a death once, we must provide technological assurances of the identity of the citizen, and we must share data," said Suffolk. "By definition, systems have to talk to other systems and, by definition, that needs to be secure."

"It's absolutely right that we have to protect data if thousands of organisations have access to that information. We have to make sure [data transfer] is safe, secure, and reliable," he added.

Annette Vernon, the chief information officer of the Identity and Passport Service, told ZDNet UK that holding data centrally would be safer. "We're already in a society where a lot of information is held in a myriad of places. Data held centrally will be more secure."

However, Vernon admitted that the costs of the scheme could be its Achilles heel. The latest figures published by the government forecast the costs as being £5.7bn over 10 years. Vernon said that to take the latest reports at face value would be to ignore that the majority of costs are set-up costs. "The costs reports go down to a level of detail, [but] the way the costs have been [interpreted] is not quite true. But the fact is costs have increased, and it's a 10-year rolling figure. This is a big and complex problem — to make sure the business case shows benefit."

Vernon admitted that the government need not stick to any cost projections at all for the scheme, and would be able to alter projected costs at will. "What we will do is adhere to the costs reports published every six months — but the costs report is subject to change," she said.

Talkback

The one comment that sticks out above the rest for me is:

"We're already in a society where a lot of information
is held in a myriad of places. Data held centrally will
be more secure."

Why?!

How can it be true that doing the work of gathering and concentrating information about a person and placing it in a single database with multiple access routes makes that information more secure?!

I would suggest that most people would make the implicit assumption that that would make it *less* secure.

Andrew Meredith 16 May, 2007 20:44

Not only is decentralization more secure from a physical point of view (a well decentralized network, like the Internet, is nearly impossible to take down) but from other points of view as well.

Budget wise a well designed decentralized solution costs a whole lot less, certainly in the long run.

Security wise there are more eyes watching, so less chance of (human) corruption. As well as abuse and misuse. Remember, information security is less about technical and much more about human wants, political needs, power abuse, greed, control, ignorance, blackmailing, misinformation, etc.

Information wise it's better to combine the best of various worlds together. Some data resides better in database X while other data is better handled in database Y. Some data is better maintained by organization X (security clearing, trainings, etc) than organization Y. Often it's better to have bits and pieces of meaningless data scattered all over the place and only allow it to become meaningful information under certain circumstances and conditions. Usually a more time proof solution as well.

As such the question is more about connecting the dots than trying to convert and centralize all sorts of data in some big pile of "one size fits all" that can only make sales persons, control freaks, spreadsheet managers and wannabees happy.

Also take into account the "computer is always right" syndrome. Typos, data entry errors, misinterpretations, deliberate false data, etc can devastate people, ruin careers, destroy social bands and what not just because someone reacts to what's displayed on the screen in front of them. Having incorrect data about you in one database of the hundreds of databases you're already in is one thing. Now picture having incorrect data about you in the master database that overwrites all others. Wow, you better stay friends with the ones that control that database. Because once the system says you're bad or suspect guess how you'll be treated from thereon.

Oh right, those that have nothing to hide need not to hide anything. Sure, until some overworked police officer misfiles a criminal report. Or a tax inspector makes a typo. Or some primary school teacher enters a psychological report into your school records and 10 years later the university rejects your student seat for reasons untold. To name but a few examples.

People don't understand that once entered data will follow them for a lifetime. Do you know the who, why, what, when and where about the data that concerns you and your children? Might people be involved in that process? Are people without fault each and every time? Maybe mean well but don't have a real clue about what they're causing? All criminals say they didn't do it. And the computer is always right.

Arthur B. 18 May, 2007 00:04

It doesn't matter how ineffective and inefficient this ID Card scheme will be and how much this will cost to implement, because clearly the government is still going ahead with it!...

No matter how many people disapprove of this scheme, no matter how much of the cons stack against the pros, the government has clearly decided to ignore all that and go ahead with it. The people/population simply don't have a say in this.

And that is the disappointing thing.

modafo 18 May, 2007 09:33

Following details show that these ID cards will make bad problems worse and hence should not be implemented at any cost.

These biometric ID cards will not be effective where there is no reading equipment and hence they will

  • Like Chip and PIN system divert fraud to other sectors and
  • Provide fraudsters option to use fakes of these cards as IDs.

So rather than deterring these cards will boost more identity fraud.

yogesh 23 October, 2007 12:44

While it may be a deterrent to crime it's offering some greater avenue for super criminal connectivity insuring them a way to connect themselves into a network of their own makings. Least nothing to a supercomputer programmer that could find and monitor such criminal networks when they begin operations but you got lots of people out there that don't know one another. The other ball of wax deals with the ill-conceived DNA database, of the many fugitives at large in America are Hispanics that have few criminal records that have no DNA on file and may never have because they elude prosecution so often. DNA evidence is only good when you have some database to match it to and there's no Hispanic database in America but there is progress. Besides this aspect of computing the DOT (Department of Transportation) has banned Windows Vista stating it doesn't support their current operations and there's too many man hours required setting it up, but that later on in the future they will consider Vista as accepted. Police have so many smaller crime details to deal with I figure that their organisation needs to be relaxed for an ID system to work as it should from dedicated satellite reader systems within vehicles to backpack models that weigh quite less. Some Japanese & Chinese phones have the capability of scanning a credit card, they are not available in America yet but consumers would be purchasing them rapidly. This is one thought for European usage but again making a service work with such devices is like creating a Directory of users so they swipe the card and the device works as an identifier for a special account they only have access to if they are not allowed to have WII phones, Internet Phones, Computer Phones, or Cellular Phones personally. One major problem it seems is dealing with criminals and then it's dealing with products they have access to.

yepper 5 January, 2008 19:41