Well, it has been a few months but once again ID cards are back in the news. Or rather the National Identity Scheme, which has managed to garner more column inches in terms of stories about huge, over-budget, failing public sector IT projects as the NHS Spine. As citizens we all get very nervous about the government handling our data, storing our data or even glancing at our data for a bit and then putting it back where it was. And with good cause it seems, if you believe the story in the Times last week in which Gordon Brown was reported as admitting the government could not be trusted to ensure that our personal data is kept safe.
Well, whether we like it or not, some form of national ID card scheme is coming. Jacqui Smith, the home secretary, has released plans for compulsory identity cards for airside workers at the country's airports. London City and Manchester will blaze the trail with trials as early as autumn next year. Add to this compulsory identity cards for foreign nationals from outside the European Economic Area from the end of this month, and you sense the momentum is definitely building.
One of the more controversial ID card-related announcements last week involved the Home Office effectively announcing that it will open for tender to high street businesses the opportunity to become a "biometric enrolment centre". Wow. Do I even need to state the inherent risks in becoming one of these centres? Think about how much time and money you may be spending on PCI compliance, to ensure the secure storage of credit card information, and then double it, and then add a thousand.
Becoming one of these centres is a sure fire way to drive your compliance manager or your chief risk officer, or your chief information officer, to an early grave. Little is known about the actual details, and as we all know, that is where the devil is, especially when we're talking ID cards. But it's likely that banks, post offices, high street stores and the like which join up would be tasked with collecting biometric details from customers, such as fingerprints, and then storing them or securely transferring them to a database.
Seems to me though that the government is trying to push some of the sizeable cost and risk of the National Identity Scheme on to the private sector. You'd be mad to say yes, and the experts seem to agree. Ken Munro, director of pen testing firm Secure Test, said the security implications of this announcement had clearly not been considered. And Susan Hall, IT expert at Cobbetts LLP, argued that sub-contracting the collection of biometric data is inherently dangerous if it gets in the wrong hands, simply because these details can't be reset or altered like a password, if they are stolen.
No comments:
Post a Comment