ID cards criticised for being pointless

The proposed ID card scheme has come under fire for being pointless.

 

Speaking at the City IT and IT Security Forum, Frank Abagnale claimed that it was pointless for ministers to spend billions on the scheme when passports are so secure.

 

Abagnale, a former conman and fraudster whose life was portrayed in the Stephen Speilberg film ‘Catch me if you Can', said the UK's national ID Card scheme is “another data source, more information to steal, more information about people being put in a central place. Why would you go to a national ID card when you already have one of the most secure documents in the world, the British passport?”  

 

In agreement was Stewart Hefferman, COO of TSSI Systems, who claimed that “the big concern with ID verification is impersonation. Unfortunately, the Government's ID card scheme does not go far enough to address this issue.”

 

“Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud – despite strong encryption, the Dutch biometric passports were cracked soon after launching. Unfortunately, there is no such thing as a 100 per cent secure solution – and saying you've got one is an open invitation to hackers! All you can do is minimise the risk as far as possible.”

 

“What's needed if the ID card scheme is to work, is firstly, a belt and braces approach. Storing the data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel – and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card.”

 

He further claimed that the method of storing information needs to be carefully implemented. He said: “If it is stored centrally, then the biometric data must be stored separately from any other personal data. This would make it harder for any hacker to join up the dots and steal someone's identity or clone a card.”

 

“I also strongly advise that back-end systems enable an audit trail of those personnel who have accessed individual records on those back-end systems.

 

“From a security point of view, central storage makes the most sense in an online world. But if you're also storing this on the cards themselves, that invalidates the security argument. Obviously this also raises questions about the government's long-term intentions for libertarians to tackle.”

 

Speaking at the City IT and IT Security Forum, Frank Abagnale claimed that it was pointless for ministers to spend billions on the scheme when passports are so secure.

 

Abagnale, a former conman and fraudster whose life was portrayed in the Stephen Speilberg film ‘Catch me if you Can', said the UK's national ID Card scheme is “another data source, more information to steal, more information about people being put in a central place. Why would you go to a national ID card when you already have one of the most secure documents in the world, the British passport?”  

 

In agreement was Stewart Hefferman, COO of TSSI Systems, who claimed that “the big concern with ID verification is impersonation. Unfortunately, the Government's ID card scheme does not go far enough to address this issue.”

 

“Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud – despite strong encryption, the Dutch biometric passports were cracked soon after launching. Unfortunately, there is no such thing as a 100 per cent secure solution – and saying you've got one is an open invitation to hackers! All you can do is minimise the risk as far as possible.”

 

“What's needed if the ID card scheme is to work, is firstly, a belt and braces approach. Storing the data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel – and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card.”

 

He further claimed that the method of storing information needs to be carefully implemented. He said: “If it is stored centrally, then the biometric data must be stored separately from any other personal data. This would make it harder for any hacker to join up the dots and steal someone's identity or clone a card.”

 

“I also strongly advise that back-end systems enable an audit trail of those personnel who have accessed individual records on those back-end systems.

 

“From a security point of view, central storage makes the most sense in an online world. But if you're also storing this on the cards themselves, that invalidates the security argument. Obviously this also raises questions about the government's long-term intentions for libertarians to tackle.”

Sign up to our newsletters