Government changes tack on ID card tech

The Identity and Passport Service has changed its plans for storing ID card data, following the failure of a centralised government database to meet security requirements.

However, the government has not ruled out storing biographical details on the database, the Department of Work and Pension's (DWP) Customer Information System (CIS), in the future.

An Identity and Passport Service (IPS) spokesperson told ZDNet UK on Wednesday that initially CIS technology would not be used to store National Identity Register data.

"There will be no identity card/ National Identity Register information held on the CIS technology under our initial plans for identity cards to start in 2009 and for rollout to continue in 2010/2011," said the spokesperson in an email statement.

This is a change of tack from 2006, when the government announced that biographical data would be held on the CIS. "For NIR biographical information, we plan to use DWP's Customer Information System (CIS) technology, subject to the successful completion of technical feasibility work," said the 2006 Strategic Action Plan for the National Identity Scheme. "DWPs CIS technology is already used to hold records for everyone who has a National Insurance Number — ie nearly everyone in the UK."

The CIS has suffered from a number of serious security breaches. Technology publication Computer Weekly in February established that 34 council staff had been caught looking at records of celebrities and acquaintances, when they had no right to access the information.

Computer Weekly on Tuesday said the IPS had distanced itself from the CIS as the database had yet to meet Cabinet Office security requirements. However, the IPS told ZDNet UK on Wednesday that it may still use the database.

"In the longer term, we are still considering using the same technology as houses CIS for identity card biographical information... but that would not be until we introduce the National Identity Service strategic solution for passports and identity cards from 2012 onwards," said the IPS spokesperson, who added that the 2012 date is subject to contract negotiation.

The spokesperson also denied that the government had changed its plans.

"This is not a change of plan," said the spokesperson. "It has never been intended that identity card data will become part of CIS — what we are proposing is that it will be held on the same IT technology as CIS."

ZDNet UK understands that the IPS is satisfied the CIS could be used in the future because National Identity Register data could be compartmentalised, providing more security. Biographical data would be controlled via access rights, while biometric data will be held on a separate database, the National Biometric Identity Service (NBIS).