Police chief criticises ID cards scheme

Summary:Leading regional chief constable says the identity cards database will become a prime target for hackers, but others have defended the scheme

One of the country's top police officers has criticised the government's identity cards scheme, saying it will become a prime target for hackers.

Colin Langham-Fitt, acting chief constable of Suffolk Constabulary, slammed the proposed National Identity Register as creating a massive security threat.

Speaking to ZDNet UK at the Government IT Summit on Monday, Langham-Fitt said that criminals would pay unlimited amounts to subvert the national identity database. "In creating a national database you are creating a gold standard for ID [authentication]," said Langham-Fitt. "It will be worth whatever it costs to hack it, to mirror it and subvert it."

Langham-Fitt said that having an ID database would not work as a counter-terrorist measure because terrorists would mask their identities. "We are at risk from insider threats and card cloning. The idea the card can be used to fight terrorism is completely fatuous. This scheme is convenient for government, but not for citizens," said Langham-Fitt.

The police chief said that, if hackers can break into Nasa, then there is no such thing as total security, and that the cost of the scheme (£5.7bn) is "a huge cost to subject people to".

He added that holding suspected criminals' fingerprints indefinitely on linked databases is "a cause for concern", because those people may not be charged with the crime.

But other senior police personnel argued that the database was a useful crime-fighting tool.

Phillip Webb, former chief executive officer of the Police Information Technology Organisation (PITO), said that linking police and identity databases could help to solve unsolved crimes. "The ID database as a super-tool is of huge value to us," said Webb. "Today we have 1.2 million [fingerprint] marks from crimes that we don't know who they belong to."

However, Webb warned that civil liberties could be affected by linking police and identity databases. "Few countries in the western world allow us to keep [fingerprint] information indefinitely," said Webb. "If someone is charged [with a crime], we can keep it, but we can't keep it without a charge."

One senior government IT professional also defended the scheme. John Suffolk, the government's chief information officer, told ZDNet UK that, to enable transformational government, a national identity database was essential (transformational government is the delivery of government services using new technologies, and the use of shared services between government departments). "For shared services and combined contact centres, and, for example, the ability of a citizen to register a death once, we must provide technological assurances of the identity of the citizen, and we must share data," said Suffolk. "By definition, systems have to talk to other systems and, by definition, that needs to be secure."

"It's absolutely right that we have to protect data if thousands of organisations have access to that information. We have to make sure [data transfer] is safe, secure, and reliable," he added.

Annette Vernon, the chief information officer of the Identity and Passport Service, told ZDNet UK that holding data centrally would be safer. "We're already in a society where a lot of information is held in a myriad of places. Data held centrally will be more secure."

However, Vernon admitted that the costs of the scheme could be its Achilles heel. The latest figures published by the government forecast the costs as being £5.7bn over 10 years. Vernon said that to take the latest reports at face value would be to ignore that the majority of costs are set-up costs. "The costs reports go down to a level of detail, [but] the way the costs have been [interpreted] is not quite true. But the fact is costs have increased, and it's a 10-year rolling figure. This is a big and complex problem — to make sure the business case shows benefit."

Vernon admitted that the government need not stick to any cost projections at all for the scheme, and would be able to alter projected costs at will. "What we will do is adhere to the costs reports published every six months — but the costs report is subject to change," she said.

Topics: Networking

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.