ID card plans are too complex and too expensive, government is told
Government plans for a national ID card scheme, voted through in the House of Commons last week, are too complex and too...
Government plans for a national ID card scheme, voted through in the House of Commons last week, are too complex and too expensive, former government research organisation Qinetiq has warned.
Qinetiq, which advised the Home Office on the development of the ID card scheme, also raised questions about the reliability of the proposed biometric card-reader infrastructure.
Neil Fisher, director of security solutions at Qinetiq, urged the Home Office to simplify the design of the ID card proposals.
The focus should be on its core function as an ID card, rather than trying to fulfil a long wish list of objectives - from fighting terrorism and reducing illegal immigration to tackling fraud.
The government was making the scheme more risky and had almost doubled its cost from £3.1bn to £5.5bn by insisting on a system capable of matching fingerprints, iris or facial images against a remote central database, when this was not necessary to simply verify identities.
"The Home Office wants matching online because it wants to keep an eye on the bad guys and keep an audit trail. But that means talking over the internet to the central database. We are saying it is a step too far," Fisher said.
Keeping audit trails would vastly increase the complexity of the scheme, Fisher said. However, criminals and terrorists would simply avoid using ID cards, limiting the value of keeping trails.
More thought was needed about ways of verifying identities, Qinetiq said. Even if biometrics achieved 99.999% accuracy, on a database of 100 million people, this could lead to thousands of false matches.
Power outages, communications failures, fires or other disasters could also disrupt access to the central database, which would become a key part of the critical national infrastructure. But there has been little public discussion of business continuity, said Fisher.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments