Your shout: ID cards, spam and security

Have your say at


Have your say at





On the view that ID cards are a waste of money

In response to an interview with security expert Bruce Schneier in which he said UK plans for biometric ID cards could do more harm than good (Computer Weekly, 8 March)

Bruce Schneier is way off base with his comments. He obviously does not understand the true problems facing governments around the world.

However, on the subject of UK "biometric registration of citizenry" I think it is a very good idea, as long as it is controlled with a system of privacy checks and balances. In the US you will soon see all 50 states enact protection laws covering collected individual biometric information. Texas, New Jersey and New York have already passed laws.

Schneier does not seem to realise just how vulnerable the current worldwide electronic "number" database systems are to fraud and theft. He sounds like someone that would have kept the common door lock from being used centuries ago because a thief could break in through a window.

Darrell E Smith, Biometric homeland security specialist, US

Bruce Schneier makes an interesting point with his conclusion that the only way to solve fraud is to make it the banks' problem.

Here in the UK the banks have very cleverly moved the problem to the merchants with the introduction of chip and Pin technology under the pretence that somehow this is going to help prevent a wide range of fraudulent practices.

It seems to me that the likelihood of the banks taking back responsibility for the £1.4m daily losses in credit card fraud is about the same as ID cards solving illegal immigration - zero.

Clearly eradicating identity theft and the associated fraud cannot and should not be left to just one side or the other and the answer lies in a concerted, joined-up approach involving banks, individuals and the IT security industry working together and seriously addressing the weaknesses in the system.

Stephen Meredith, Swivel Secure

Bruce Schneier comes out with the standard liberal cry of, "Governments are looking for measures that increase control. It is being sold as security but it is really control." Like all others who make this claim he brings no supporting evidence. This is not surprising as there is none. Any advanced technology can be misused by any government. This is not the same as it actually being misused.

Schneier's remarks about US airport security are similarly flawed. I would far prefer to go through the security procedures than be blown up in the interests of protecting this mythical privacy he is so concerned about.

He then makes the statement that, "ID theft will only be solved when the banks are given the responsibility to prevent it." However, many credit cards - and virtually all chip and Pin replacement cards - are sent out pre-activated because it is too expensive to handle millions of customers calling in to activate their cards.

Incidentally, who dreamt up the nonsense of chip & Pin? It is not used for "absent" transactions, such as over the phone or internet. And many people change all their Pin numbers to the same one. Once somebody knows that, they can use the cards with impunity and without the risk of a bright assistant realising they are forging a signature.

Roger Tilbury, Tilbury Computer Consultancy, Worthing

On the amount spam costs UK businesses

In response to research which calculated that junk e-mail costs UK businesses £1.3bn, or £22 per user, a year (Computer Weekly, 8 March)

So spam is costing UK businesses the equivalent of £22 per user per year, and putting in a server-based anti-spam product costs £69 per user per year. Sounds like a pretty lousy return on investment to me.

John Richards, University of Bristol

All grist to the mill for improved policing

Interest by police forces in England and Wales in adopting Scottish police intelligence technology (Computer Weekly, 8 March) does not raise questions about the provision of a national police intelligence capability.

The Police IT Organisation's work with the police service to deliver a national intelligence capability under Programme Impact is not compromised by forces' interest in Scottish technology. Both approaches are complementary and any effort by forces to explore local methods of intelligence sharing will feed into the national programme.

Programme Impact will deliver improved information sharing to forces incrementally. Pito is already piloting the National Nominal Index - technology that flags up locally-held police information on individuals, and we intend to start rolling this out from April to child abuse intelligence units.

Stephen Dines, head of intelligence business process, Police IT Organisation

Recognise the limits of your safety net

The news that Chevron Texaco has implemented smartcard access to its IT systems (Computer Weekly, 22 February) is one step towards the impossible ideal of a totally secure system. However, smartcards are not the final answer, but only part of the solution. True security can never be attained due to the most important variable in the equation - people.

Although passwords, smartcards and biometrics are all excellent ways to secure systems, they do not take account of the nefarious individual. What would happen if one of these cards fell into the hands of a fraudster? What if an employee needs a replacement card for one they lost; do they get given default access to the entire infrastructure? What happens when an employee abuses access rights?

We must not be lulled into a false sense of security and use technology as a safety blanket against the cruelties of the real world.

Peter Dorrington, head of fraud solutions, SAS UK and Ireland

Workforce is facing 'password panic'

It astounds me that we still allow the mismanagement of passwords by employees (Computer Weekly, 22 February). You would not buy a sports car and then leave the keys in the ignition, so why do businesses tolerate this digital apathy to such an extent?

From recent research, almost 50% of us now have up to 10 passwords to remember. Inevitably, 50% of workers either write down their passwords, or forget them, costing business more than £20 each time they have to reset an individual code.

A password is worthless as soon as it is on paper, so apathy in terms of keeping them secret is unacceptable. However, long, complex passwords for multiple systems are just as pointless if people cannot remember them.

Companies must act now to address this password panic and retain high levels of security without giving their staff a headache. Businesses are taking a reactive approach when what is needed is a radical rethink of the process.

Gary Clark, vice-president, SafeNet

National Projects can still get local promotion

Socitm is right to raise concerns about the end of central control of the National Projects (Computer Weekly, 1 March). However, local authorities have a wealth of support available to them to ensure long-term success for the initiatives.

Both Socitm and the projects' private sector partners can offer expert guidance on how to make the most of project outcomes, and more importantly, how to communicate the results of the projects to the citizen. We know that more than 50% of adults are prepared to use online services but do not know what is on offer from their local authority.

This lack of education needs to be addressed now, before control is handed over. A united front needs to be shown to the wider public to ensure their buy-in. If the government appears jittery over the future of the projects, the whole initiative will fail.

Geoff Neville, group managing director, Sx3

When it comes to truth we are on our own

I would welcome the backing of the Conservative Party for an audit of the national programme for IT in the NHS (Computer Weekly, 8 March) if I thought there was any substance to it. Time and time again we see the opposition promising more openness during the election campaign but failing to deliver once it has been elected.

Openness suits the opposition but secrecy suits government better. The recent spate of data destruction in Whitehall is testimony to their need to conceal the facts; information made public is occasionally interesting but never relevant to any recent or extant issue.

In short, the government will tell us and the opposition only what it wants us to know. We have to work out the truth for ourselves.

Mark Steele, Northolt

Was Swanwick project really a success?

In your call for an audit of the national programme for IT in the NHS (Computer Weekly, 8 March), you said that an audit helped to make the troubled Swanwick air traffic control centre project a success.

Swanwick was intended to be a completely new en-route air traffic control centre for England and Wales, replacing West Drayton, offering a 40% increase in air traffic capacity. It currently only covers upper airspace and some of its sectors are now handled by the Scottish centre.

Some of Swanwick's functionality, as revealed by the November 2002 incident over Swansea, reported by Computer Weekly, gives cause for concern. It relies for its data on legacy systems at West Drayton, which is still operational.

Indeed, the new air traffic control centre was five years late and its cost doubled.

If the current NHS projects are similarly "successful" one shudders for the medical and financial health of the UK.

Stan Price, Price Project Services, Manchester

Read more on Identity and access management products