Employers raise concerns over ID card security

Employers have warned that there are “significant questions” over the security of the government’s proposed central population...

Employers have warned that there are “significant questions” over the security of the government’s proposed central population register which underpins the national ID card programme.


The Confederation of British Industry said last week that the government’s proposals to make the register accessible to individuals using a password and a Pin, had “inherent weaknesses” which could place the security of sensitive data at risk.


Under current plans, the ID cards will be phased in from 2007 as a replacement for passports and driving licences. A computer chip in the card will store biometric data on cardholder, such as a scan of the iris in their eye or a record of their fingerprint.


“Businesses would like greater reassurance from government that the security of the registry will be paramount,” it said in a submission to the Home Office consultation on ID cards.


The CBI said that although the ID card programme, which is expected to cost more than £3bn, could reduce identity fraud have economic benefits if the government gets its proposals right.


But it said it was concerned that the government was driving its ID card agenda forward without a full appreciation of the potential drawbacks of the scheme.


Using biometric technology for authenticating 60 million people “present significant challenges”, it said. The security needed to protect biometric records also needs further investigation, the CBI said.


The CBI said it was particularly concerned that under current proposals, employers could be liable for fraudulent activities by an individual using a false identity that had been verified by the register.


The CBI asked the government for assurances that law enforcement agencies would not gain access to information about individuals from the population database that was not strictly necessary to a particular investigation.


It also called on the government to “consider in greater depth” its plans to allow law enforcement agencies access to audit logs, which will keep a record of every access made of the central registry by private or public sector organisations.


The CBI also called on the Home Office to provide a mechanism for online banks and service providers to authenticate an individual’s identity through desktop PC’s, mobile telephones and personal digital assistants.


“The government needs to define much more precisely whether the national ID card is really intended to be simply an instrument for government immigration control and crime prevention, or whether [and how] it is to be an identity-authentication service infrastructure that benefits government, businesses and individuals,” said the CBI.


The Home Office was unavailable for comment.  

Read more on IT risk management