Now is the time for action

The key to this topic for me was a quote from Home Secretary Jacqui Smith: "Individuals to have as much control and ownership of their own data as possible," writes Andrea Simmons, consultant forum manager, BCS Security Forum.

The key to this topic for me was a quote from Home Secretary Jacqui Smith, "Individuals to have as much control and ownership of their own data as possible," writes Andrea Simmons, consultant forum manager, BCS Security Forum.

In so many ways, it was a redundant thing to say, given that I, as a data subject, retain the right to this automatically, supported by the Data Protection Act and the Human Rights Act. I don't need a platitudinous diktat from government indicating that they are doing me a new favour.

Rest assured, personally I'm in the camp of "chip me" - much like the final episode of the BBC's drama The Last Enemy. I see no issue with the ease of access that should be afforded by a willingness to engage in the system. But I know that this is not a widely held view. Most especially as a result of the capability of government-led IT projects to fall flat on their face in full public view, meaning they lack the significant level of inspiration required to engage the public into willing interaction.

The other difficulty with being inspired by a story at a given time is that life has a habit of getting in the way of our thoughts and intentions. Given the chaos that ensued at Heathrow Terminal 5 during its opening week (a private sector venture, it should be noted), the reasons behind the fingerprinting of travellers (never mind the intended registration of airport baggage handlers from 2009, as suggested in the ID Cards plans) will no doubt have to be reconsidered.

The bigger picture involves needing to calm ruffled feathers and prove that, where technology meets process, the UK has the capability to deliver the goods on time, in time, every time. Sadly, we don't appear to have sufficient evidence so far to be able to reassure the concerned citizen, never mind potential international visitors.

In fact, if you dovetail the intentions of T5 to fingerprint all travellers, with the requirements of the ID cards scheme, then the cynic could clearly make a "leap of faith" link that sees T5 being on some kind of a bonus retainer to provide the government with pre-collected information that could be used to populate an appropriate database for the Identity and Passport Service. Think TIA (Total Information Awareness - The Last Enemy again), if you will!

Also "the wider population may not have to get ID cards at all and could opt to use biometric passports to prove who they are instead," according to the Home Secretary. Either way, biometric data is sensitive personal information and this requires extra care in terms of collection, handling, storage and usage. Setting out to use this requires building in layers of protection for the information at all levels of interaction (picture the "7 stack layer") and the provision of adequate training for all those involved.

When faced with such contradictory reporting, "Support for the national identity scheme remains stable, according to a survey of more than 2,000 people carried out for the Home Office by Taylor Nelson Sofres in February. The research, released on 6 March 2008, found that 59% of those questioned supported the scheme, while 23% did not."

Versus, "a survey by ICM on 1,008 people, also carried out in February (2008), found 50% in opposition with 47% in favour, using a question mentioning a likely price of £93 for a biometric passport".

Ultimately, whether the government's business case is "right", only time will tell - but potentially the chasm that needs to be bridged between the many ways this has been spun for the public and their actual understanding and perception may be too wide to spend time and resources on and perhaps a "leap of faith" has to be taken by actually doing something active instead of navel gazing on the subject still further.

Read more expert advice from the Computer Weekly Security Think Tank >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.