Stewart Hefferman explores the potential pitfalls of the Government’s national ID card scheme, raising concerns that it may be vulnerable to cloning if more thought isn’t put into its implementation.
Members of the public, the national press and even security experts themselves have largely been opposed to the UK’s national ID card scheme roll-out. The Government is still insisting the scheme will help in its fight against terrorism and improve national security, yet in the run up to its deployment, fundamental flaws are now becoming apparent.
Concerns about civil liberties and exaggerated claims over the scheme’s part in the fight against terrorism aside, what worries me most is this: does it actually do what it says on the tin? Will it really enhance our national security, or just open our back door to the fraudsters?
Home Secretary Jacqui Smith’s recent announcement about plans for retailers to collect biometric data is downright irresponsible. It seems preposterous to put public data into the hands of a third party when data loss is as commonplace as it is today. It is now clear that the Government intended all along to link the ID card scheme into its other services. I’ve been concerned about such an extension of ID card use since the cards were first announced. Unfortunately, there’s no question that this makes the scheme vulnerable to abuse.
Addressing the impersonation issue
The big concern with ID verification is impersonation and, unfortunately, the Government’s ID card scheme doesn’t go anywhere near far enough in addressing this problem. To add insult to injury, linking the National Identity Register (NIR) into a variety of different databases, all accessible by various Government employees, further exacerbates the problem.
The two main weaknesses are, firstly, an over-reliance on biometric security and, secondly, the preference for centralised data storage. Together, these leave the ID card system vulnerable to cloning. Biometric technology is not a silver bullet.
Biometrics alone do not suffice to prevent fraud. Despite strong encryption, the Dutch biometric passports were cracked soon after launch. The supposedly ‘fake-proof’ British e-passports were cloned within minutes, only to be passed as genuine by the passport reader software used by the UN agency that sets standards for e-passports, despite carrying pictures of Osama Bin Laden and a suicide bomber!
Stronger verification technology
The fingerprint biometric security systems currently used in the TWIC programme failed to properly authorise one in 50 enrolees’ credentials. Clearly, stronger verification technology needs to be in place.
What’s needed if the ID card scheme is to work is a belt-and-braces approach. Storing the encrypted biometric data on the card would make it impossible for even the most sophisticated fraudster to manipulate. Even authorised personnel — and, therefore, any successful hackers or corrupt employees — would only be able to view binary code, and not the finger, iris or facial recognition data itself. They would also be unable to determine how the encryption algorithm operated, and thus couldn’t clone the card.
There’s no doubt that the way the information is stored and structured needs to be carefully implemented.
Storing the data centrally was always a civil liberties concern. I always wondered why on earth the UK Government needed individual information to be stored on both the card and a central database. It’s not necessary to store the data centrally. Other countries such as France and Italy have stipulated that biometric information be stored only on the cards themselves. This way, the data remains in the possession of the individual. Central storage was therefore only necessary if the Government was planning to extend the usage of the cards in future. It’s now clear to all of us that this was the intention all along.
More importantly, storing this data centrally and then linking it into a variety of databases is a security concern. From a security point of view, central storage makes the most sense in an online world but, if you’re also storing data on the cards themselves, that invalidates the security argument.
An audit trail is essential
If the data must be stored on a central database, then biometric data needs to be kept separately from any other personal data, in order to make it difficult for hackers to link together the information needed to steal someone’s identity or clone a card. Back-end systems also need to maintain an audit trail of which personnel have accessed individual records.
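The two controls argued for here (keeping biometric templates in a store that is not directly linkable to the personal record, and logging every access by named personnel in a way that cannot be quietly edited) are sketched below as an added Python example; it is not code from the article or from any real NIR system, and the link key, record identifiers and template bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import time

# Constructed demo secret (assumption): only the linking service holds it, so a copy
# of the biometric store alone cannot be joined back to the personal records.
LINK_KEY = b"demo-link-key-not-for-production"

def link_token(nir_id: str) -> str:
    """Opaque, keyed token so the biometric store never contains the NIR identifier."""
    return hmac.new(LINK_KEY, nir_id.encode(), hashlib.sha256).hexdigest()

class SplitRegister:
    """Personal data and biometric templates in separate stores; every read is logged."""
    def __init__(self):
        self.personal = {}   # nir_id -> personal details
        self.biometric = {}  # link token -> template bytes
        self.audit = []      # hash-chained access log: each entry commits to the previous

    def enrol(self, nir_id, details, template: bytes):
        self.personal[nir_id] = details
        self.biometric[link_token(nir_id)] = template

    def _log(self, operator, action, record):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"ts": time.time(), "operator": operator, "action": action,
                 "record": record, "prev": prev}
        entry["hash"] = hashlib.sha256((prev + json.dumps(entry, sort_keys=True)).encode()).hexdigest()
        self.audit.append(entry)

    def read_personal(self, operator, nir_id):
        self._log(operator, "read_personal", nir_id)
        return self.personal[nir_id]

    def read_biometric(self, operator, nir_id):
        token = link_token(nir_id)
        self._log(operator, "read_biometric", token)
        return self.biometric[token]

    def accesses_to(self, nir_id):
        """Who touched this person's records, across both stores."""
        targets = {nir_id, link_token(nir_id)}
        return [(e["operator"], e["action"]) for e in self.audit if e["record"] in targets]

    def verify_audit(self) -> bool:
        """Recompute the chain; any edited, inserted or deleted entry breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            expected = hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()
            if body["prev"] != prev or expected != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

In a real deployment the log would be written to append-only storage outside the reach of the staff whose actions it records; the chain only makes tampering detectable, not impossible.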
It’s not yet safe to say that a 100% secure solution exists — suggesting that you have one is an open invitation for hackers to have a go. All we can do is minimise the risk as much as possible. In that respect, the UK Government’s scheme still has some way to go.
In itself, that raises the question of whether the Government has already sown the seeds of the scheme’s disaster.