Data loss sends a chill down the spine

The Guardian

The government is disingenuous in suggesting that biometric data will protect information related to ID cards. The information to be held in connection with the ID card scheme includes not only name, address and biometric information but also numbers for national insurance, passport, driving licence and any other “designated document”. The latter could easily include information such as a key to provide access to one’s health data on the NHS Spine. Now that data laws say that “information will normally be shared in the public sector, provided it is in the public interest” (Home Office insists biometric data is secure, November 21), there will be people with access via the proposed identity database, through these links, to any individual’s tax, benefits, bank account, travel, driving conviction and health records.

To make it a criminal offence to reveal data makes no fundamental difference. The fact that an individual has access to the information means that it can be leaked, and the more people that have access to the information the greater the probability that someone will do so, whether maliciously or by accident.

The proposed ID card scheme provides a massive potential leak of personal information and should be stopped forthwith.
Dr Michael Howarth
Networking lecturer, University of Surrey

An incompetent civil servant who wrote the entire contents of the ID card database on to CDs and then lost them would have lost the fingerprints of the entire population. This would be a disaster. If your bank account is compromised you can get a new one with a new number. You can’t get new fingerprints.

Ministers assume the only way a fingerprint could enter the ID system is if the ID card holder uses a fingerprint reader. However, compromised readers could be used to inject fingerprint data directly into the ID card system, allowing fraudsters to impersonate the holders of the stolen biometrics.
Andrew Watson

The security and reliability of biometrics are still matters of debate, but in any case biometrics will not be needed by the tens of thousands of government and private employees who will have access to the national identity register. They will be able to access the database using the same login procedures used by most computer users. If the Revenue’s shockingly incompetent security regime applies elsewhere in government, there will be nothing to stop any employee viewing or copying records from the NIR.

The government has forfeited any right to be trusted with personal data. It is not enough to say they will learn lessons. All planned or current projects involving personal data must be put on hold until independent audits show that they respect the rights of the citizen.
Mike Richards
Milton Keynes, Buckinghamshire

In view of the government’s inability to guarantee the total security of my, or anyone else’s, personal data, I am writing to the prime minister, the chancellor, the leaders of the Conservative and the Liberal Democrat parties and also to my member of parliament to give notice that I shall refuse to have an ID card, even if that means being fined or jailed.

I urge everyone to follow suit. The more fuss we make now, the less likely this or any future government is to put our identities at risk of fraudulent use.
Val Harrison

There is still time to stop the ID card system, but IT systems to monitor all of England’s children and their families are nearing completion and contain highly confidential data. The ContactPoint system tracks all children’s contacts with health, welfare and other agencies, and the eCaf system will contain detailed assessments of children, parents and family life in cases where services are being sought.

The government needs to face up to two facts. First, its IT systems are unjustifiably intrusive. Second, it is an incompetent steward of personal information. The most important lesson to be learned from the blunders at Revenue and Customs is that systems like ContactPoint and eCaf must be abandoned.
Chris Mills
Sevenoaks, Kent