The Home Office has defended the ID cards scheme after security expert Frank Abagnale — a one-time confidence trickster made famous by the Steven Spielberg film, Catch Me If You Can — said the scheme should be scrapped if the government cannot ensure it is secure.
Abagnale, now a security consultant, criticised the ID cards scheme and said: “You can develop all of the best security systems in the world, the most sophisticated software in the world [yet] all it takes is one weak link that is one person in the system to screw the entire system up.”
Speaking at the RSA Conference Europe 2007, Abagnale added: “So the identity card system only takes one civil servant to ruin the entire system, so if you don’t have the things in place to keep that from happening then you have no business in going there anyway.”
But a Home Office spokesman told CNET.co.uk’s sister site silicon.com: “Systems will be put in place to ensure that one person couldn’t either change information on the NIR (National Identity Register) or could break down the security measures surrounding it.”
Such security systems mean any request for NIR information will have to pass through a number of intermediate systems and filters to make sure only authenticated and authorised requests can get through and the number of people who could see a whole of a person’s identity or make changes to it will be limited and fully vetted, the Home Office said.
In terms of the penalties for abuse of access, the Identity Cards Act contains a number of criminal offences to tackle attempts to compromise the NIR internally, and any attempt to tamper (physically or technically) with the NIR can lead to a sentence of up to 10 years. Any unauthorised disclosure of information from the NIR by internal staff can lead to a sentence of up to two years on indictment, it said.
The Home Office spokesman added: “No one is saying the scheme will be a panacea but by linking unique biometric information — initially face, fingerprint and possibly in future iris too — to one set of biographical information will make the use of multiple identities, and the various nefarious activities that enables, very much harder.”
Abagnale also disagreed with the more general use of biometrics as an identification tool and said: “I support biometrics for entry to buildings, access to buildings and access to computers [but] I do not support biometrics as a device which should be on a cash point.”
He added: “Once you’ve lost your DNA, you’ve lost your identity forever.”
However, Abagnale did give his support to data breach disclosure laws, adding: “There should be laws in Great Britain that if there is a breach you have to notify the potential victim that they could be a victim. That’s just fair.”
Data breach legislation is the subject of silicon.com’s Full Disclosure campaign.