Your shout: Online ID card use warning, MiFID is an opportunity

Computer Weekly readers' give their views


Computer Weekly readers' give their views

Online use of ID cards poses serious risks

With regard to your news story "ID checks to go online" (Computer Weekly, 21 February) the online use of ID cards presents major risks.

Risk 1: if the biometrics are not checked against the national identity register, then the cards could be stolen or forged. If the biometrics are checked (perhaps using a cheap USB-connected fingerprint reader), then Risk 2 (below) becomes really serious.

Risk 2 (the big one): anything a computer can scan, encode and transmit, it can also store or send elsewhere. So a Trojan program, installed by a virus perhaps, or in a publicly accessible computer, could capture card details and biometrics and use them for on-line fraud.

Now the legitimate user is in trouble. If your password is compromised, it's no great trouble to change it; if your ID card is compromised, it will take a lot of effort to get a new one. If biometrics are compromised, there's no solution.

The moral is: never use a mechanism for online ID that cannot readily be changed, unless it is very secure indeed.

Martyn Thomas, Visiting professor of software engineering, Oxford University


MiFID should be seen as an opportunity

Christian Annesley celebrates that some key requirements of the Markets in Financial Instruments Directive (MiFID) have been included as directives rather than regulations ("The clock is ticking..." Computer Weekly, 14 February).

This, he claims, allows for "a greater degree of discretion in implementation". He seems to be focusing on the cost of compliance with the provisions of MiFID rather than the substantial benefits that will accrue from it passing into law. 

The original Level 1 paper was entirely a directive. The commission has now decided to enshrine the majority of the provisions of MiFID in non-discretionary regulations.

Far from being a problem, this should be seen by affected UK organisations as an opportunity. By November 2007, all 28 countries implementing MiFID will have a common basis on which to conduct and report financial transactions.

The opportunity for UK financial services companies is that they will be able to transact business for clients across the EU (and in Iceland, Norway and Switzerland) with a consistent set of regulations and without having to be approved to trade in each separate jurisdiction.

The most far-sighted of our clients, many of which are major investment banks, are looking to take advantage of this opportunity, not complaining about the cost of implementation.

If, as Annesley implies would be desirable, the majority of the provisions were discretionary directives with "relaxed evolution into national law", then each of the 28 countries would very likely implement their own set of regulations and MiFID would fail to deliver its primary objectives of transparency and delivery of best execution to all types of client.

Mike Vieyra, Gissing Software

Christian Annesley replies:

One of the key issues for IT directors in relation to MiFID is that time is running out to prepare for the directive's arrival. With the late delivery of the Level 2 draft, there are now less than 21 months until MiFID is due to come into force.

In some respects, this shrinking timeframe will require a pragmatic response from IT directors to ensure their firm's obligations under MiFID are met.

But, as the piece made clear, that doesn't mean that the creation of a single European market for financial instruments won't offer opportunities to far-sighted investment banks to develop systems that put them ahead of the competition. All the evidence suggests it will.


Theft of information costs companies billions

The government's decision to amend the Computer Misuse Act and introduce stiffer penalties for internet crimes has been a long time coming ("Government gets tough on computer crime",, 2 February).

As a former computer crime detective at Scotland Yard, I fully support the tougher stance the government is adopting.

Both private and public sector organisations have been lobbying for specific regulation to address crimes such as denial-of-service attacks. Recent attacks, such as the one on the Million Dollar Homepage, have highlighted the desperate need for the government to take action.

However, I am concerned that the new bill has perhaps not gone far enough and addressed the theft of information. Intellectual property theft is a huge issue for businesses across all sectors and impacts on small businesses as much as, if not more than, large stock-listed companies. It is also one that costs UK businesses billions of pounds every year.

The new bill is certainly a step in the right direction. However, until the government takes serious steps to criminalise the theft of information, dishonest people will continue to threaten and jeopardise businesses.

Simon Janes, International operations director, Ibas


Offshoring has turned the spotlight on business

Regarding the article "Offshore effect hits UK job market" (Computer Weekly, 14 February), there is little denying that offshoring has contributed to the decline of lower-end jobs in the technology space.

But there is also evidence that higher-level jobs, such as project management, have been boosted since the start of the offshoring phenomenon.

Nowadays, there is undeniably a need for IT people to have a grasp of business issues. Gone are the days when IT was a standalone function within an organisation - it must be thought of from the wider business perspective.

So, as lower-level jobs diminish, offshoring increases the need for professionals in disciplines such as project management, technical architecture and testing, where it is crucial to think about IT from a business perspective. If software development is offshored, for example, there must be a facility onshore to test the system or application thoroughly at the deployment location.

Also, the increase in offshoring lower-skilled jobs means fast-tracking to higher-skilled positions with less of a requirement to "do your time" on the low-level menial tasks for IT professionals.

In our experience, the clear division of activities that occurs with offshoring establishes the need for mature processes and emphasises key activities that are so necessary to deliver high-quality systems.

All in all, we see some positive changes resulting from both outsourcing and offshoring and look forward to working in a more mature IT market.

Adam Ripley, IS Integration

Answer back

Do you disagree with someone's opinion on this page? Or do you have something to say about a Computer Weekly article? If so, we want to hear from you. E-mail

Please include a daytime telephone number.


Read more on IT risk management