National ID card database ‘will never be 100% secure’ put citizens at risk’

By Martin Bentham

British citizens will be “seriously harmed” by breaches of the Government’s identity card scheme and other national databases, a report by technology experts warned today.

The report, whose authors were commissioned by firms including Microsoft, BT and Symantec, says no database can be “100 per cent secure or failsafe” and that accidents and security breaches will occur.

It warns that the creation of expanded national databases, such as that which will be used for the ID card scheme, will present “fresh opportunities” for criminals to exploit and suggests that the risks to the public will be further increased by the “poor information management culture” that exists in many areas of Whitehall.

The findings will be seized on by critics of ID cards and schemes such as the Contact Point database on which details of all children are being stored.

Ministers have insisted that the ID card scheme will be virtually immune from misuse because of its use of biometric data and other safeguards and insist that robust precautions will be taken to ensure the security of personal information held.

Today’s report by the Information Assurance Advisory Council, a private sector group of technology experts, suggests that the creation of a “national identity infrastructure” is inevitable as the need for each person to have a “trustworthy” electronic identity increases.

It warns, however, that government plans are flawed in a number of key areas and emphasises that even with improved precautions, some misuse or loss of confidential data will still be impossible to prevent.

The report states. “Whilst the creation of a national identity infrastructure will undoubtedly help to address some existing risks with the way people gain access to personal electronic services today, it will also undoubtedly create other, new ways in which people can be harmed.

“It is incontestable that identity subjects could be harmed, in some cases seriously, by the types of accident, failure, mistake and security breach that could take place within a national identity management system.

“It is also incontestable that no system can be 100 per cent secure, and no system can be either 100 per cent reliable or 100 per cent failsafe.

“The UK Government has to accept that its citizens will be put at risk of harm from accidents and incidents arising within the operation of any national identity management system.”

The report emphasises that the need for secure electronic identities will be essential over coming years, but warns that safeguards contained in the ID card legislation fall short of what will be needed to protect the public.

It also expresses concern about the poor data security record within government and calls for tougher sanctions against those who lose or misuse

The report says that even with improvements, breaches of databases will be inevitable, but says that measures to ensure that such problems are dealt with swiftly are also inadequate.