Tech industry could get crack at ID card security

• Tags:
• Biometrics,
• Conservatives,
• Home Office,
• RFID

Tom Espiner ZDNet.co.uk

Published: 14 Aug 2009 17:08 BST

• 
• 
• 
• 
• 

The Home Office has said it is considering enlisting IT companies to test the security of its ID cards, but still refuses to meet a researcher who claims to have created a fake that would bypass security procedures.

Last week, RFID security expert Adam Laurie said he had found a way to hack into the chips on the ID card, and that a series of offers to demonstrate the crack had been rebuffed by the Home Office.

On Friday, the Home Office said that while it will not accept such submissions from individuals, it is considering how the security industry could contribute to tightening ID card protections.

"The Home Office is considering ways to engage with the industry to show that we have a 'gold standard' card which cannot be changed, modified or cloned," the spokesperson told ZDNet UK.

However, Laurie said his demonstration shows it is possible to copy and modify the personal data on an ID card chip, including biometrics, to produce a new chip that would fool security checks.

On Wednesday, the Home Office again refused to see the demonstration, according to investigative journalist Steve Boggan, who has been trying to broker a meeting between Laurie and the government department.

The Home Office said it had declined on the grounds that it did not want to be overwhelmed by individuals wishing to demonstrate ID card cracks.

"We do not believe an individual dialogue in this form is the most productive way forward in this regard," the department's spokesperson said.

The refusal to meet is a sign of the government's reluctance to acknowledge flaws in its ID card plan, Conservative shadow home affairs minister James Brokenshire said.

"The government seems determined to ignore criticisms of its costly and unnecessary ID card scheme," Brokenshire said in a statement. "This is typical of the government's cavalier attitude towards the safety of people's personal data. It should have listened to the Conservatives and scrapped the ID card scheme."

The Home Office is confident the cards will be hard to copy or modify and that the cryptography on the cards is robust, its spokesperson said.

"The identity card includes design and security features that are extremely difficult to replicate," said the spokesperson. "Furthermore, the card readers we will deploy will undertake chip-authentication checks that the card [Laurie] claims to have produced will not pass."

The government department declined to give any more detail about how and when it will speak to security experts about testing ID card security.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed