ID card officials back away from scandal-hit database

Government plans to store ID card biometrics data on a controversial system used by thousands of public workers might be scrapped.

Government plans to store ID card biometrics data on a controversial system used by thousands of public workers might be scrapped.

The Home Office has confirmed it is reconsidering plans to use the Customer Information System system to store biometric data for the ID card scheme.

The Customer Information System (CIS) - which is run by the Department for Work and Pensions (DWP) - has yet to meet the Cabinet Office's latest standards on IT security, Computer Weekly has learned.

Computer Weekly revealed in August that thirty four council staff accessed the CIS database to snoop on the personal records of celebrities and acquaintances. Nine of the council workers were sacked.

The CIS database holds information on 85 million citizens, and is the government's main citizen database. It is available to 140,000 users from eight government departments, and to 445 local authorities.

But it is proving difficult for the Department of Work of Pensions to allow thousands of public workers and local authorities to access the CIS Oracle-based database, yet keep it demonstrably secure.

The Home Office revealed plans to use the CIS system for ID cards in December 2006 in its Strategic Action Plan for the National Identity Scheme.

In the Strategic Action Plan for the National Identity Scheme, the Home Office said: "We plan to use DWP's Customer Information System (CIS) technology, subject to the successful completion of technical feasibility work," for National Identity Register biographical information.

It added: "DWP's CIS technology is already used to hold records for everyone who has a National Insurance number - i.e. nearly everyone in the UK."

The Home Office planned to separate DWP's citizen data on the CIS information from the biometrics store being built up on the National Identity Register.

Now the government plans to avoid using CIS for the ID card scheme, if possible. A spokesman for the Home Office said using CIS is no more than an option for the future.

He said the possibility of using CIS will not be considered until the system has full security accreditation, which is due in 2010 at the earliest.

The Home Office will store biometric information for ID cards on a database run by Thales, one of the main contractors for the ID card scheme.

Officials had planned to use CIS for the ID card scheme to save money. It would have allowed the government to avoid building an entirely new system and security architecture.

But Computer Weekly has learned that the security of the CIS has been so discredited that officials are keen to distance the ID card scheme from it, even if this means paying for a new system from scratch.

>> IT Projects blog: Change of plan on ID Cards biometrics database?

>> IT Projects blog: ID card insider says scheme is "largest , most complex and sensitive undertaking in government"

Read more on Database software