Home Office insists biometric data is secure

Alan Travis
The Guardian

The Home Office last night sought to shore up public trust in its £5.6bn identity card project, as the failure over child benefit records fed into anxieties over so-called “Big Brother” databases.Critics of the “surveillance society” claimed the ID cards project could not now go ahead without a review of its privacy safeguards to see if they worked. They also raised concern about leaks from other databases, including NHS personal records and the new children’s register.

The Home Office insisted that the biometric elements in its database, the electronic fingerprints and facial scans, will keep it secure and proof against identity theft, even if there were to be a major breach and stolen confidential data.

“The biometric means that it will be much more difficult to use somebody else’s identity, as they will have to provide the correct fingerprint or facial image at the same time. You can’t create a fingerprint or a face,” said a Home Office spokesman. He also emphasised that the identity register would also be protected by a chip-and-pin with severe penalties for those who tried to access the database illegally.

Legislation includes sentences of up two years for “an unauthorised disclosure” by staff from the database, and a maximum of 10 years for those who tamper physically or technically with it. Activity on the system will be audited, and an alert raised if an unauthorised action or attempt to access the register is made.

These safeguards did little to reassure ID card critics. The shadow chancellor, George Osborne, said the loss of the child benefit records was the “final blow for the ambitions of this government to create a national ID database” as “they simply can not be trusted with people’s personal information”.

The No2id campaign called for an immediate audit of all personal information held by the government: “This data disaster shows up the madness behind the government’s ID schemes. People had no choice about giving up that information. It makes the government the biggest identity theft of all.”

Spokesman Phil Booth said that the government’s plan to share personal data between departments also contained dangers, which only a full and independent audit could now resolve.

Richard Thomas, the independent Information Commissioner, said the security breach illustrated that any system was only as good as its weakest link. Last week, he voiced concerns over the amount of information to be stored on the ID register – in particular “transaction data” tracking each time the ID card is swiped at an airport, police station or social security office.

The Treasury last month published a plan for “centralised management” of all personal data held on various department databases, intended to reduce the number of times a citizen has to notify government of a change such as moving home or job. But with the complexity of databases, including the rapidly expanding national DNA database and the NHS personal records database, there are concerns at what privacy can be maintained, let alone “leaks” or theft of records.

Data laws laid down the key principle that data provided to the government for one purpose should not be available for a different one. Earlier this year the principle was reversed in secondary legislation. It now reads “information will normally be shared in the public sector, provided it is in the public interest.”