ID Cards insider: scheme is "largest, most complex and sensitive undertaking in Government"

When they were planning for ID Cards, executives at the Identity and Passport Service thought it a good idea to use the DWP’s Oracle-based Customer Information System to store the biometrics part of the National Identity Register.

It avoided the costs, complexities, and risks of failure which would have cast a shadow over building a large database from scratch.

The problem now is that, through practice rather than any specific plan, the DWP’s CIS is becoming the government’s main citizen database.

This means that thousands of council staff and other public and civil servants are being given access to it.

And some council staff have already been using the CIS to check the data it holds on their friends and relatives.

Officials at the Identity and Passport Service point out that although the National Identity Register is being built on the DWP’s CIS, ID card biometrics will be held separately on the CIS database.

But there will be links between the CIS DWP data and the National Identity Register. Indeed the aim is for there to be countless links between the National Identity Register and government departments, agencies and local authorities.

And those same organisations will have access to the DWP data on the CIS. The more useful CIS is to be, the more people will have access to it.

This is good for CIS. And it means that reliable and comprehensive citizen data can be held on one database.

But keeping it confidential is going to be difficult. Indeed the ID Cards scheme is sounding so complex that it may prove impossible to make the National Identity Register credibly secure – at least from prying insiders.

This complexity is not merely recognised by government – the National Identity Scheme is recognised by government as its most complex undertaking. I’ve learned that Keith Boxall, Head of Standards and Practice at the Identity and Passport Service, has formally described the National Identity Scheme as:

“the largest, most complex and sensitive undertaking in Government at the moment”.

Given that the government has more than 100 “mission-critical” projects and programmes on its agenda – the Olympics being one – Boxall’s statement on the complexity of the ID Cards scheme is revelatory.    

When you consider the juxtaposition of the widely-accessible DWP data on CIS with the biometrics part of the National Identity Register, it’s possible to understand one reason why the ID Cards scheme is categorised internally as “very high risk”.


This is the DWP’s Security Notice which warns that council staff have been accessing the CIS illicitly. The notice was issued by the DWP to local authorities …

Security notice – CIS access to HMRC and DWP data

Six LAs [local authorities] access customer information through DWP’s CIS.

From July 2008 this has included access to Her Majesty’s Revenue and Customs’ (HMRC) tax credit data. Desktop access to CIS has helped to significantly improve service delivery to customers. However, DWP and HMRC customer information is shared with LAs on the understanding that only authorised access is permitted. 

DWP’s Local Authority Support Team (LAST) carries out checks on a sample of system-generated Test Checks, which LAs have conducted. In addition, DWP and HMRC interrogate CIS to carry out independent data matches and checks of accesses made by both LA and DWP staff. 

These checks are carried out to provide assurance to DWP and HMRC that accesses to CIS are appropriate and that information obtained is used correctly. 

Regrettably checks have identified some LA staff are committing serious security breaches.

To be absolutely clear, and by way of reminder to all LA users accessing CIS, users should not

• access their own records or the records of friends, relatives, partners, or acquaintances

• make enquiries on behalf of colleagues in respect of their friends, relatives, partners, or acquaintances

• share their system, Government Gateway or other identity password with their colleagues

• access CIS for any unauthorised purpose

LAST will provide support to LAs conducting investigations and can provide audit trails showing the full access history of those under suspicion. 

Anyone found to be abusing CIS may face sanctions ranging from disciplinary action to prosecution. DWP will support your LA to ensure appropriate disciplinary or prosecution action is taken, and may consider prosecuting directly under Social Security legislation.
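
The notice does not say how its data matches are performed. As an added example (not DWP's code and not part of the notice), the following Python matches a constructed access log against constructed staff details to flag the kinds of access the notice prohibits. All field names, identifiers and the 15-minute window are assumptions, and a match is a lead for a reviewer, not proof of misuse.

```python
from datetime import datetime

# Constructed sample data (not real CIS records or formats).
STAFF = {  # user_id -> the staff member's own details, as HR would hold them
    "u101": {"person_id": "P1", "surname": "Hale", "address": "4 Mill Lane"},
    "u102": {"person_id": "P2", "surname": "Okoro", "address": "9 Dock Road"},
}
RECORDS = {  # person_id -> details on the customer record that was viewed
    "P1": {"surname": "Hale", "address": "4 Mill Lane"},
    "P7": {"surname": "Hale", "address": "22 High Street"},
    "P8": {"surname": "Quinn", "address": "9 Dock Road"},
    "P9": {"surname": "Marsh", "address": "1 Park View"},
}
ACCESS_LOG = [  # (timestamp, user_id, terminal, person_id viewed)
    ("2009-03-02 09:00", "u101", "T1", "P9"),
    ("2009-03-02 09:05", "u101", "T1", "P1"),
    ("2009-03-02 09:10", "u101", "T1", "P7"),
    ("2009-03-02 10:00", "u102", "T2", "P8"),
    ("2009-03-02 10:03", "u102", "T5", "P9"),
]

def flag_accesses(log, staff, records, share_window_min=15):
    """Return (timestamp, user, reason) for accesses a reviewer should examine."""
    findings, last_seen = [], {}
    for ts, user, terminal, viewed in sorted(log):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        me, rec = staff[user], records[viewed]
        if viewed == me["person_id"]:
            findings.append((ts, user, "own-record"))
        elif rec["address"] == me["address"]:
            findings.append((ts, user, "same-address"))   # household member?
        elif rec["surname"] == me["surname"]:
            findings.append((ts, user, "same-surname"))   # possible relative
        # Same account on a different terminal within the window:
        # consistent with a password shared between colleagues.
        prev = last_seen.get(user)
        if (prev and prev[1] != terminal and
                (when - prev[0]).total_seconds() <= share_window_min * 60):
            findings.append((ts, user, "possible-shared-login"))
        last_seen[user] = (when, terminal)
    return findings

if __name__ == "__main__":
    for finding in flag_accesses(ACCESS_LOG, STAFF, RECORDS):
        print(*finding)
```

Surname and address matches produce false positives and miss friends and acquaintances entirely, which is why the notice pairs such matching with sampled checks and full audit trails.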



What is CIS?

The £72m Customer Information System is an Oracle database being built by Accenture for the Department for Work and Pensions. It will hold a wide variety of data on nearly all UK citizens.

For many people whose details are held on the database there will be information about whether, for example, they have been in hospital in the past year, information on everyone who lives at their address, whether they are an asylum seeker, and whether they are involved in any dispute involving work. 

