I had a few comments from friends after my last posting on Adam Laurie's attack on the UK Identity card. Many missed the point. The issue is not whether it's possible to forge or modify an Identity card. It's whether that forgery can be detected in circumstances where the risk becomes significant. You can't determine that without a full knowledge of the controls that are deployed in each scenario in which it will be used.
Context is everything in the world of security. Just because something is possible, doesn't mean that it will happen, or that the damage cannot be tolerated, contained or repaired. We've managed the risk of forged banknotes and passports for many years. Why should Identity cards be any different?
Comments (1)
Context might well be king, but factual details and technical nuance often detract from a good emotionally and politically charged story.
Without full disclosure and objective professionally unbiased analysis you haven't a chance of really determining whether risk is being managed here and now.
Posted by Duncan Hart | August 11, 2009 10:12 AM
Posted on August 11, 2009 10:12