Security threats Toolkit

ID card security questioned

Tags:
Security,
Database,
ID Cards

Kable

Published: 15 Feb 2006 15:10 GMT

A former Ministry of Defence (MoD) information security specialist has warned Tony Blair that the proposed national ID cards register is not a safe system.

Dr Brian Gladman, who was in charge of research and development for information system security at the MoD before moving to Nato until the mid 1990s, outlines his concerns in a letter to Blair and copied to the leaders of the opposition parties. He emphasises that he is not an opponent of ID cards but supports an "irrevocably voluntary" self-funded identity scheme.

In his letter, Gladman says that the government's ID card proposals "would create safety and security risks for all those whose details are held on the system".

Speaking to Government Computing News ahead of the commons ID cards vote on 13 February, he said: "Security is a fundamental issue here. It is not a sensible idea to put all your eggs in one basket by setting up the kind of identity database which is proposed. Having a universal system like this would be vulnerable.

"There is also the issue of database pollution. The ongoing costs of cleaning up the database and ensuring that details are kept up to date would be astronomical."

Gladman authored a section on the security which formed part of the LSE's critical report on the ID cards programme issued last year. While home secretary Charles Clarke has argued that the LSE's study was "technically incompetent", Gladman pointed out that his section was "independently validated" by two information security experts internationally recognised for their expertise in the field.

Ministers are on the offensive over ID cards as they try to push the bill through after defeats in the House of Lords and recent success in the commons. Chancellor Gordon Brown defended the ID cards register in a speech at the Royal United Services Institute.

"In the past securing your identity rested on you being given a National Insurance number, on being required to have a birth certificate, being required to fill in the census, and for travel abroad being obliged to hold a passport," he said. "So the question is not whether we have a national register identity — we have had so for years — but whether we are prepared to consider the most up to date and the most secure means to protect our identity from being stolen."

Brown also outlined proposals for developing IT systems, and investigating security issues for the programme. He proposed a forum involving banks, IT firms and the public sector to examine security, technology and value for money. This group would report to Parliament on the costs and benefits of the scheme.

"As part of our public expenditure review, we should take the measures necessary now to bridge the gap before a complete national scheme is in place: including improving the quality of our databases together with their transparency and accountability — making it easier to intercept terrorists and criminals and to spot fraud while also ensuring people have trust in how the necessary information is protected," he said.