Government plans to storeID cardbiometrics data on a
controversial system used by thousands of public workers might be
scrapped.
The Home Office has confirmed it is reconsidering plans to use
the Customer Information System system to store biometric data for
the ID card scheme.
The
Customer Information System (CIS) - which is run by the Department
for Work and Pensions (DWP) - has yet to meet the Cabinet
Office's latest standards on IT security, Computer Weekly has
learned.
Computer Weekly revealed in August that thirty four
council staff accessed the CIS database to snoop on the
personal records of celebrities and acquaintances.
Nine of the council workers were sacked.
The CIS database holds information on 85 million citizens, and
is the government's main citizen database. It is available to
140,000 users from eight government departments, and to 445 local
authorities.
But it is proving difficult for the Department of Work of
Pensions to allow thousands of public workers and local authorities
to access the CIS Oracle-based database, yet keep it demonstrably
secure.
The Home Office revealed plans to use the CIS system for ID
cards in December 2006 in its
Strategic Action Plan for the National Identity Scheme.
In the Strategic Action Plan for the National Identity Scheme,
the Home Office said: "We plan to use DWP's Customer Information
System (CIS) technology, subject to the successful completion of
technical feasibility work," for National Identity Register
biographical information.
It added: "DWP's CIS technology is already used to hold records
for everyone who has a National Insurance number - i.e. nearly
everyone in the UK."
The Home Office planned to separate DWP's citizen data on the
CIS information from the biometrics store being built up on the
National Identity Register.
Now the government plans to avoid using CIS for the ID card
scheme, if possible. A spokesman for the Home Office said using CIS
is no more than an option for the future.
He said the possibility of using CIS will not be considered
until the system has full security accreditation, which is due in
2010 at the earliest.
The Home Office will store biometric information for ID cards on
a database run by Thales, one of the main
contractors for the ID card scheme.
Officials had planned to use CIS for the ID card scheme to save
money. It would have allowed the government to avoid building an
entirely new system and security architecture.
But Computer Weekly has learned that the security of the CIS has
been so discredited that officials are keen to distance the ID card
scheme from it, even if this means paying for a new system from
scratch.
>> IT Projects blog: Change of plan on ID Cards biometrics
database?
>> IT Projects blog: ID card insider says scheme is "largest
, most complex and sensitive undertaking in government"