Home / Privacy News / ID card officials back away from scandal-hit database

ID card officials back away from scandal-hit database

Government plans to store ID card biometrics data on a controversial system used by thousands of public workers might be scrapped.

Tony Collins

The Home Office has confirmed it is reconsidering plans to use the Customer Information System system to store biometric data for the ID card scheme.

The Customer Information System (CIS) – which is run by the Department for Work and Pensions (DWP) – has yet to meet the Cabinet Office’s latest standards on IT security, Computer Weekly has learned.

Computer Weekly revealed in August that thirty four council staff accessed the CIS database to snoop on the personal records of celebrities and acquaintances. Nine of the council workers were sacked.

The CIS database holds information on 85 million citizens, and is the government’s main citizen database. It is available to 140,000 users from eight government departments, and to 445 local authorities.

But it is proving difficult for the Department of Work of Pensions to allow thousands of public workers and local authorities to access the CIS Oracle-based database, yet keep it demonstrably secure.

The Home Office revealed plans to use the CIS system for ID cards in December 2006 in its Strategic Action Plan for the National Identity Scheme.

In the Strategic Action Plan for the National Identity Scheme, the Home Office said: “We plan to use DWP’s Customer Information System (CIS) technology, subject to the successful completion of technical feasibility work,” for National Identity Register biographical information.

It added: “DWP’s CIS technology is already used to hold records for everyone who has a National Insurance number – i.e. nearly everyone in the UK.”

The Home Office planned to separate DWP’s citizen data on the CIS information from the biometrics store being built up on the National Identity Register.

Now the government plans to avoid using CIS for the ID card scheme, if possible. A spokesman for the Home Office said using CIS is no more than an option for the future.

He said the possibility of using CIS will not be considered until the system has full security accreditation, which is due in 2010 at the earliest.

The Home Office will store biometric information for ID cards on a database run by Thales, one of the maincontractors for the ID card scheme.

Officials had planned to use CIS for the ID card scheme to save money. It would have allowed the government to avoid building an entirely new system and security architecture.

But Computer Weekly has learned that the security of the CIS has been so discredited that officials are keen to distance the ID card scheme from it, even if this means paying for a new system from scratch.


Check Also

A Colorado Springs police officer poses with a Digital Ally First Vu HD body worn camera outside the police department in Colorado Springs April 21, 2015. The police department is holding a body worn cameras pilot project, testing several different camera models for a month at a time as they consider purchasing 450 of the units with an initial cost of over $500,000.  REUTERS/Rick Wilking - RTX19PVE

The dystopian danger of police body cameras

Police-worn body cameras are the newest darling of criminal justice reform. They are touted as a way to collect evidence for criminal investigations, oversee and expose abusive police practices, and exonerate officers from fabricated charges. While the nation continues to debate how effective these body cameras are for police departments, ...