ID cards - analyse the facts

Let's put emotion aside when asked about national identity cards, and analyse the facts presented by the Identity and Passport Service as if someone had put forward a business case for the deployment of identity cards in your organisation, writes Raj Samani of the ISSA UK Chapter.

Let's put emotion aside when asked about national identity cards, and analyse the facts presented by the Identity and Passport Service as if someone had put forward a business case for the deployment of identity cards in your organisation, writes Raj Samani of the ISSA UK Chapter.

The business case for national identity cards stresses the need for a "secure way to check that identities are real". It focuses on perceived shortcomings in the current approach to proving people's identity, with organisations using various criteria. For instance, utility bills and similar documents are commonly used to establish identity, but are easy to steal or forge.

It is argued that the current approach allows unscrupulous individuals to create multiple identities, and that official documents may be issued to people who should not have them, allowing them to live and work in the UK illegally.

It is suggested identity cards will enable stronger identification of users (citizens), with certain accredited organisations able to check biometric data against the National Identity Register. If, in your organisation, unauthorised people are registering for services using forged identification documentation, then surely the introduction of two-factor authentication is a reasonable approach?

The business case also highlights the lack of consistency between organisations in authenticating individuals. Imagine a scenario where every time you visited a regional office, you were asked for different authentication credentials. If the opportunity arose to have just one authoritative set of credentials, then surely, if the project was within an agreed budget, this would be an acceptable solution.

It is also claimed that the introduction of such a scheme would significantly hinder the identity thief who raids dustbins to find a scrap of paper that would help him steal someone's identity. If the authoritative credentials were something you have (the card), something you are (biometric) or something you know (such as a Pin), then raiding the bins would serve no purpose unless the accrediting organisation relied on only one factor and you threw your card away or it was stolen.

But the case for national identity cards will not be determined by a cold, professional analysis of the facts. This emotive subject will be fought on the argument of civil liberties, with questions raised about whether it reverses natural justice because the data on a card will be relied upon rather than an individual's testimony. Also, the ability to ensure protection of the National Identity Register will be questioned - there is great appetite for stories about the loss of data in the public sector.

Read more expert advice from the Computer Weekly Security Think Tank >>


Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close