Advertisement
Promo

Security threats Toolkit

Security experts criticise government database plans

Tom Espiner ZDNet.co.uk

Published: 19 Jan 2007 12:28 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security experts are hugely nervous about the government's latest database plans, and have pointed out numerous grave security concerns over two of its proposed schemes.

What worries me is the increased risk. If you're joining databases, you're creating a tremendously more valuable resource for ID thieves

Paul Davie, Secerno

The Home Office announced in December that the National Identity Register — the planned database behind the controversial ID cards scheme — would comprise three existing databases. The Department of Work and Pensions (DWP), the Identity and Passport Service (IPS) and the Immigration and Nationality Directorate (IND) databases would be combined to store people's biometric and biographic information. This plan, which negates the need to build a single new database, has sparked alarm in the security space.

The second government initiative worrying security experts is this week's proposals to relax data-sharing laws that govern how civil servants access and share citizens' personal data. At present, the privacy rights of the UK public are protected by the Data Protection Act. But, according to a Number 10 policy review published on Monday, "overzealous data-sharing rules may be an obstacle to improving public services". Relaxing these rules could help create a super-database, where public workers had greater access to the personal details of the public.

Security vendors see problems common to both initiatives. Principal among them are the increased opportunities for data theft, if more civil servants are accessing more data.

Greg Day, security analyst at McAfee, said that online data theft is increasing, through the use of software to log people's keystrokes and through attempts to dupe users into revealing personal details, a practice known as phishing.

"It's a simple reality that ID theft is on the up, and is growing online," Day told ZDNet UK. "There's been a 250 percent increase in keyloggers in the last two years, and a hundredfold increase in the number of anti-phishing alerts by the Anti-Phishing Working Group."

Day said that government-held personal details could be divulged easily. According to Zone-h, a website that reports on hacks and hacking, an investigation has been demanded recently into a "digital accident" at the Israeli Interior Ministry where Israeli Vital Population Registry information was leaked and posted on the internet.

"The database is compiled by officials at the Interior Ministry and it includes information about all Israeli citizens and personal details that could potentially be used without authorisation by internet marketers, and of course cybercriminals," Zone-h reported.

Day also had technical concerns with the government plans, including proposals to allow the databases to be accessed over the internet. This could lead to chaos, he warned.

"With the existing databases, they are trying to make them internet-available. It would make me hugely nervous to have that personal information on the internet," said Day. "With multiple databases mixing data they face lock fields, with multiple people trying to modify records simultaneously."

Shlomo Kramer, founder and chief executive officer of Imperva, a data-centre security specialist whose clients include governmental organisations, was also nervous about the plans for internet facing databases.

"Last year more than 100 million user records were compromised in the US alone," Kramer told ZDNet UK. "The issue is that when data is available online it can be compromised — especially [in conjunction with] web services."

Even if the information is only available within governmental organisations, Imperva is seeing that within its user base there are many internal security issues —  including abuse of credit card data, or abuse of privileges.

"Data is at risk if it is made available to a large community of users," said Kramer.

Security issues are compounded when multiple organisations are interacting in...

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
12 out of 12 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Campaigners criticise '£10bn NHS IT ov...

The National Health Service's flagship IT project has been criticised by a tax campaign group for running billions of pounds over budget. The NHS National Programme for IT (NPfIT)... More

1 comment

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters