Tony Collins

The Home Office has confirmed it is reconsidering plans to use the Customer Information System system to store biometric data for the ID card scheme.

The Customer Information System (CIS) - which is run by the Department for Work and Pensions (DWP) - has yet to meet the Cabinet Office’s latest standards on IT security, Computer Weekly has learned.

Computer Weekly revealed in August that thirty four council staff accessed the CIS database to snoop on the personal records of celebrities and acquaintances. Nine of the council workers were sacked.

The CIS database holds information on 85 million citizens, and is the government’s main citizen database. It is available to 140,000 users from eight government departments, and to 445 local authorities.

But it is proving difficult for the Department of Work of Pensions to allow thousands of public workers and local authorities to access the CIS Oracle-based database, yet keep it demonstrably secure.

The Home Office revealed plans to use the CIS system for ID cards in December 2006 in its Strategic Action Plan for the National Identity Scheme.

In the Strategic Action Plan for the National Identity Scheme, the Home Office said: “We plan to use DWP’s Customer Information System (CIS) technology, subject to the successful completion of technical feasibility work,” for National Identity Register biographical information.

It added: “DWP’s CIS technology is already used to hold records for everyone who has a National Insurance number - i.e. nearly everyone in the UK.”

The Home Office planned to separate DWP’s citizen data on the CIS information from the biometrics store being built up on the National Identity Register.

Now the government plans to avoid using CIS for the ID card scheme, if possible. A spokesman for the Home Office said using CIS is no more than an option for the future.

He said the possibility of using CIS will not be considered until the system has full security accreditation, which is due in 2010 at the earliest.

The Home Office will store biometric information for ID cards on a database run by Thales, one of the maincontractors for the ID card scheme.

Officials had planned to use CIS for the ID card scheme to save money. It would have allowed the government to avoid building an entirely new system and security architecture.

But Computer Weekly has learned that the security of the CIS has been so discredited that officials are keen to distance the ID card scheme from it, even if this means paying for a new system from scratch.

Related posts:

1. UK gov rethinks ID card database
2. Privacy Breaches By ID Card Staff

Almost half of these – an estimated 23,651 – were taken by South Wales Police alone, costing the force a whopping £1.5m.

In total, the nation’s four police forces have spent an estimated £3.4m in gathering DNA samples from innocent people.

But, while the Government estimates that one in five people on the national DNA database are innocent of any crime, they have admitted they have NO IDEA what the real amount could be.

Since 2001, police have taken DNA samples from anyone they arrest or caution, even if no charges are brought against them. Current law allows an innocent person’s DNA profile to be kept for up to 12 years.

With an estimated 4.5 million profiles, the DNA database for England and Wales is the largest in the world, and includes adults and children as young as 10 who have been accused of such crimes as:

n Taking a bicycle without consent;

n Begging;

n Failing to provide a breath specimen;

n Taking part in an illegal demonstration;

n Being drunk in a public place.

Human rights campaigners Liberty called for the database to simply hold details of sexual and violent offenders, which would save millions of pounds of public money.

Liberty’s legal officer, Anna Fairclough, told Wales on Sunday: “The Government is fond of justifying its retention of innocents’ DNA with the trite phrase: ‘nothing to hide, nothing to fear’. Those affected do not agree. They have done no wrong and they deeply resent their DNA profiles being held alongside those of murderers and rapists.”

The figures for Wales were revealed in parliamentary questions put forward by Jenny Willott, the Lib Dem MP for Cardiff Central, over a space of two years.

They reveal a massive database with DNA profiles belonging to 268,853 people in Wales, 55,922 of whom are estimated to be innocent.

In North Wales, 12,014 innocent people’s profiles were gathered by police, while Gwent collected 10,382 and Dyfed Powys took 9,875.

Ms Willott will lead a Welsh Liberal Democrat campaign to call on the chief constables of each Welsh police force to allow innocent people to have their DNA profile deleted.

Clare Hutchinson, Wales Online

In an open letter to Barbara Wilding, chief constable of South Wales Police, Ms Willott calls the database, “disproportionate, unethical, costly and ineffective”.

Speaking exclusively to Wales on Sunday, she urged people in Wales who believe they might be on the database to write to police asking for their DNA profile to be destroyed.

She said: “It is appalling that the Government is still allowing innocent people to be put on the DNA database when they know it is a blatant breach of their human rights.

“Storing the DNA of people who have never been convicted of a crime, for the rest of their life, is a violation of a founding pillar of our justice system – innocent until proven guilty.

“The Government is moving at a snail’s pace. Over 300,000 innocent people’s DNA has been added to the database since the practice was ruled illegal, including 6,000 people in South Wales.

“Those affected in South Wales should use the template letter and advice on my website to write to the Chief Constable to ask for their DNA to be removed.

“Welsh Chief Constables have the power to remove innocent people from the database and to start to restore the faith in our criminal justice system that Labour has eroded. It is now up to them.”

The Association of Chief Police Officers said the matter was for South Wales Police, who were last night unavailable for comment.

Related posts:

1. Take innocent people’s DNA off database, says Welsh MP
2. 40,000 innocent children on police DNA files

ONLY 8,000 people have enquired about getting the government’s controversial ID cards, which will be launched in Manchester.

During a live webchat at the M.E.N offices, Lord Bill Brett, the minister responsible for the introduction of the ID card scheme, admitted only a small percentage of the population had asked about the voluntary scheme.

The cards will cost £30 and contain biometric details of holders.

They can be used in place of a passport throughout Europe.

Lord Brett hopes the cards, available in Manchester in October, will be rolled out across the north west by 2010, and eventually the rest of the country.

He said he foresaw the cards becoming ‘the accepted form of ID in the UK’.

But a poll on this website revealed 81 per cent would not be taking part in the trial.

Lord Brett said: “We have not set targets for what is a purely voluntary scheme, but our research shows a majority of people support ID cards.

“We are confident that support and the number of ID cards will grow incrementally in the period from its introduction in Manchester to the ongoing rollout across the country.

“A lot of opposition to the cards has been based on fear from misconception and mischievousness. I don’t believe the initiative is doomed to failure, rather that it will grow over time to become the accepted form of ID, as the voluntary ID card in France has become.”

The cards will be valid for 10 years.

Lord Brett admitted the cards would not by themselves ‘provide a silver bullet’ in the fight against terrorism, but he said: “The security services and the police believe it will be a helpful tool in that task.”

The minister claimed the cards would provide ‘a secure and unique identity’ for holders. He said they would be targeted in particular at young people, who he said had ‘problems with security and identification’.

He said: “They will have all the information they need on one card. This will assist young people who want to buy cigarettes, alcohol, and in a city like Manchester with a lively nightlife, they can access clubs and bars while also having a document that protects against fraud and allows travel through Europe.”

Lord Brett, admitted that the cards - which should be available from 2012 to all British citizens aged 16 and over - could be scrapped by a future government.

He said: “No government can bind its successors.”

Lord Brett stressed the government had ‘no intention to make ID cards compulsory’. Asked why Manchester had been chosen for the pilot, he said: “Manchester is a major city, with a large young population, a large university and major airport.”

Related posts:

1. UK ID cards will be useless in Europe
2. Manchester will be the ID card guinea pig

The news takes on extra relevance for pubs after reports of several police forces in parts of the country, including Islington, Richmond and Liverpool, objecting to licence applications where venues don’t agree to use fit CCTV.

Each case helped by the use of CCTV costs around £20,000, according to the Telegraph, which obtained the information under the Freedom of Information Act.

A Met Police report said: “For every 1,000 cameras in London, less than one crime is solved per year.”

Tory David Davis told the paper: “CCTV leads to massive expense and minimum effectiveness. It creates a huge intrusion on privacy, yet provides little or no improvement in security.”

The Infomation Commissoner’s Officer (ICO) also voiced its concerns about CCTV in pubs earlier this year.

It said: “Hardwiring surveillance into the UK’s pubs raises serious privacy concerns.

“We recognise that CCTV plays an important role in the prevention and detection of crime, and can help to reduce crime in areas of high population density, such as city boroughs.

“However we are concerned at the prospect of landlords being forced into installing CCTV in pubs as a matter of routine in order to meet the terms of a licence.

“The use of CCTV must be reasonable and proportionate if we are to maintain public trust and confidence in its deployment. Installing surveillance in pubs to combat specific problems of rowdiness and bad behaviour may be lawful, but hardwiring in blanket measures where there is no history of criminal activity is likely to breach data protection requirements.”

Related posts:

1. Landlord wins battle to keep CCTV out of his pub
2. Warning over use of CCTV in pubs

ACCORDING TO the UK’s Identity Minister, the Government’s ID cards won’t be worth the paper they’ll be printed on.

Despite the fact that the cards are almost in UK citizens’ wallets there is still a lot of work needed to raise awareness about them and their uses, particularly outside the British Isles.

In an interview with the Oldham Evening Chronicle, Lord Brett said that if holders leave the country and try to use the cards as some form of ID they will be met with blank faces and, we presume, Gallic shrugs.

Lord Brett said, “When we do launch it, we want to make sure all our ducks are in a row, it is not just marketing and selling the card to people who want to have it but to make sure first of all that all the countries in Europe will accept it and understand it as a travel document.” He added that unless this was the case there would be “no day one” for the cards.

Further damning the roll out, Brett said that the Police did not have the right to demand to see them, despite government claims that they will have a use in the fight against terrorism.

Brett also revealed the numbers of people who had already signed up to willingly receive the cards. In a display of underwhelming public support, 8,000 people have added their names to the list. Brett added, “It says what it does on the tin, it is your identity card, it is entirely voluntary.”

Meanwhile, millions of UK citizens have wisely chosen not to tear up their passports and driving licenses just yet, if ever.

Related posts:

1. ID cards snubbed in Manchester
2. Cost of ID cards blasted by MPs

Adam Laurie said he had made repeated approaches to the government department since December to show how he had managed to clone and modify the chip on an ID card belonging to a foreign student. However, those approaches were rebuffed, Laurie and Steve Boggan, the investigative journalist working with the researcher, told ZDNet UK.

“There has been no invitation or request from the Home Office to demonstrate the flaws in this technology,” said Boggan. “We have suggested a demonstration [to the Home Office].”

However, the Home Office said it had asked Laurie to provide the cloned card to it a “couple of weeks ago”, but as he had not done so, the hacking claim was unsubstantiated.

Laurie claimed the ID card was cloned and the personal details on the chip changed, in an article by Boggan in the Daily Mail on Wednesday.

“This story is rubbish,” the Home Office said in a statement. “We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened.”

However, Laurie said on Friday he had not been approached by the Home Office and that it was “bizarre” the government department would claim to have requested to see evidence from him. “The Home Office has never been in direct contact with me,” he said. “If they can produce documentary evidence or a paper trail of an invitation, I’d be interested to see it.”

The researcher added that he would be more than happy to demonstrate the cloning and modification technology to UK government officials.

“The way I work is through responsible disclosure,” said Laurie. “The only reason we went public is that the Home Office had refused repeated approaches from us and we want to make sure they make the cards secure.”

Security experts have long questioned the viability of the prospective UK ID cards and David Blunkett, the architect of the scheme, admitted in April there had been a “massive drop” in public confidence in ID cards.

The chip that was modified uses the technology that will be used in cards for UK citizens, according to Laurie. Criminals could forge or obtain physical plastic cards and then insert modified chips on them, he warned.

To clone the chip, Laurie said he used a generally available USB radio frequency identification reader, the Omnikey 5321 Reader, in combination with his own RFIDIOt code. These were used to read the chip on the foreign student’s card and to then transfer the personal information onto a PC.

A hacker could use a suitably equipped mobile phone, such as the Nokia 6131, to read the information, the researcher said. However, it is easier to use a modified RFIDIOt tool to download data from the card onto a PC, he added.

Laurie said he successfully managed to download all of the data from the chip, except for the fingerprint information. He later created replacement fingerprint data from scratch using a biometric file standard called CBEFF.

“We weren’t able to produce a direct clone of the card, but it didn’t matter, as we were later able to add fingerprint details,” Laurie said.

Personal data is stored on the card using the ICAO9303 passport standard, Laurie said. The data is segregated into files called ‘data groups’. While there are 16 potential data group fields, not all of them are used, Laurie said.

Four of the fields important to the breach are Data Group 1 (DG1), which contains information in the machine readable zone (MRZ) on a passport; DG2, which contains the facial image; DG3, which contains the fingerprint image; and DG14, which contains the digital certificate used for active authentication.

DG14 contains active authentication cryptographic safeguards, which are meant, in part, to ensure that the card has not been tampered with.

However, when a card is presented to a reader, the card itself tells the reader whether it should check for a digital certificate. This makes the safeguards ineffectual, as removing the data group removes the check, said Laurie.

“If the file is not present on the card, the reader doesn’t ask for it,” said Laurie “The card dictates to the reader what security checks to do, and since I control the card, I can tell it to do no security checks.”

The digital certificate also guarantees the authenticity of the other data groups on the card. Each file has a cryptographic signature or checksum that is checked against the digital certificate. The idea is that if any of the files are tampered with, the cryptographic signature will no longer be valid.

However, Laurie said he had circumvented this measure by simply replacing the digital certificate and checksums with his own. This works because the ICAO public key directory used by the government, which is supposed to authenticate the digital certificates centrally, has had no government input yet, he said.

Laurie uploaded the modified files onto an NXP JCOP card, which is a programmable contactless smartcard. He then tested whether it would work using a Golden Reader tool validated by ICAO.

Laurie said it had taken him 12 minutes to read the original card, but that he and fellow security researchers Jeroen van Beek and Peter Guttman had then done additional work.

“This demonstrates the technology is not a universal panacea,” said Laurie.

Tom Espiner ZDNet.co.uk

Related posts:

1. Home Office insists biometric data is secure
2. ID cards not compulsory after all, says Home Office

The UK Government’s Children’s Secretary Ed Balls has announced a controversial new CCTV monitoring scheme, in which thousands of problem families are to be monitored 24 hours a day, 7 days a week.

Balls claims that the £400 million “sin bin” scheme will put up to 20,000 problem families under 24-hour surveillance in their own homes, to ensure children go to bed and school on time and eat proper meals.

“Private security guards will also be sent round to carry out home checks, while parents will be given help to combat drug and alcohol addiction,” reads a report in the Sunday Express.

Family Intervention Projects

Mr Balls wants every local authority to fund such ‘Family Intervention Projects‘, noting that: “This is pretty tough and non-negotiable support for families to get to the root of the problem.

“There should be Family Intervention Projects in every local authority area because every area has families that need support.”

Pupils and their families will have to sign ‘Home School Agreements’ which set out parents’ duties to make sure their kids attend school.

However, privacy campaigners are already up in arms over the latest government plans to install surveillance tech within people’s homes.

Fear not, just read this on how to avoid being captured on CCTV instead.

Related posts:

1. CCTV snooping into homes
2. ‘Put CCTV in addicts’ homes to protect children’

Mark Ballard

They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the government’s multi-billion-pound ID card programme.

The disclosures, obtained by Computer Weekly using the Freedom of Information Act, will add to calls for the government to come clean over the security of the National Identity Scheme.

The CIS database, run by the Department for Work and Pensions, stores up to 9,800 items of information on 92 million people, including sensitive data, such as ethnicity, relationship history, whether someone is being investigated for fraud and whether they have special needs.

Freedom of information requests by Computer Weekly, have uncovered a string of breaches by council workers:

• Cardiff and Glasgow councils sacked staff after they looked up celebrities’ personal records
• Tonbridge and Bromley councils sacked workers for looking up their friends
• Brent sacked someone who looked at their girlfriend’s details
• A worker at Torfaen was sacked for looking at his own details

But this may just be the tip of the iceberg. Many of the breaches were discovered after sample checks, raising concerns that other breaches may gone undetected.

Over 200,000 government officials have access to the database, including staff at 480 local authorities, and numerous government departments, including the Department of Work and Pensions, HM Revenue & Customs, and the Courts Service. The Child Support Agency uses the CIS to trace missing parents,

Gus Hosein, a management systems academic with the London School of Economics, said that breaches were inevitable.

“Human nature and the propensity of governments to abuse privacy means that the only real safeguard is to not collect this information in the first place,” he said. “Create a central store and you will get abuse”.

A DWP spokesman said, “The small number of incidents shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage and report attempts at unauthorised or inappropriate access.”

In other breaches discovered by Computer Weekly, Exeter sacked someone for being unable to justify an access to the database. Hertsmere and Penwith (now part of Cornwall) councils sacked people for looking at records they shouldn’t, but couldn’t say what the records were.

Carmarthenshire Council disciplined a person who illegally used the CIS to look at the records in July 2008 of someone “known personally” to them, but refused to give details. Solihull took disciplinary action after a CIS breach in February 2008.

Peter Sommer, visiting professor at the London School of Economics Information Systems Integrity Group, said, “Any system in which you have a large number of users can never be secure. Instead of giving generalised assurances, the government should say explicitly what level of security failures they consider to be acceptable. Politically, that is a very awkward thing to say.”

The government plans to extend use of the CIS, beyond its present community of DWP government partners and customers. Its next phase of development, called CISx (CIS cross-government), will give access to departments such as the Driver and Vehicle Licensing Agency.

Related posts:

1. Government allows staff to abuse privacy laws
2. ID card officials back away from scandal-hit database

Home Office policing and security minister, David Hanson, told Parliament last week that millions are now being spent to fund ISPs’, telcos’ and mobile operators’ retention of communications data under the European Data Retention Directive and Anti-Terrorism Crime and Security Act 2001 (ATCSA) code of practice on data retention.

Data retained under the legislation includes the details of the duration, destination and location of electronic communications, although not details of their content. The data retention legislation has proved unpopular with civil liberties groups who view it as an infringement of privacy.

According to Hanson, the cost of “sponsor[ing] systems to enable communications service providers to store communications data” over the last five years has topped £24m.

For 2008-2009, the Home Office spent £3.6m funding retention under the ATCSA, and £6.6m under the European Data Retention Directive (EUDRD).

The figure represents a significant year-on-year fall for ATCSA retention, with the 2007-2008 costs hitting £5.7m. In contrast, the amount spent on retention as a result of the EUDRD increased substantially from the 2007-2008 figure of £2.6m.

Jo Best

Related posts:

1. UK may store all phone calls and emails
2. Internet Calls Subject To Phone Tapping