1 of 4Image
Frank Abagnale, a one-time fraudster who now works with law-enforcement agencies, strongly criticised the UK ID cards scheme at the RSA Conference Europe 2007 on Wednesday. At a press Q&A session before his keynote, Abagnale said that one weak link in an organisation can compromise the whole system.
"With the ID cards scheme, all it takes is one weak civil servant to be bought off, and one weak link can [compromise the system]," said Abagnale. "I'm not big on ID cards — you're giving the government information that someone else can access. ID cards make it 100 times easier to steal that information, because it's concentrated in one place. Nothing is really secure; if the money is right, you can forge a passport to back fraudulent activities — you can forge ID cards. You can replicate holograms, dyes in paper, and give terrorists access to Britain."
The Home Office has denied in the past that the human factor could be a problem for the ID cards scheme.
"There are heavy penalties in the Identity Cards Act for such abuse of access, and the vetting of staff and handling of identity information is something we and lots of other departments deal with already — today and every day. Not to mention that the scheme will have to be accredited to the highest standards by HM Government's security advisers, and that an independent National Identity Scheme commissioner will be appointed to oversee the operation of the scheme," a Home Office spokesperson said.
In his keynote, which closed the two-day show, Abagnale told the audience of security professionals about his experiences of being on the wrong side of the law, depicted in the 2003 film Catch Me If You Can, directed by Steven Spielberg and starring Leonardo DiCaprio as Abagnale and Tom Hanks as FBI agent Carl Hanratty.
Silicon.com's Gemma Simpson contributed to this article.
Bruce Schneier, founder and chief technical officer of BT Counterpane, told RSA delegates that they should not necessarily trust security vendors to give a fair representation of the security of those products.
"There might be a political bent to security decisions, or there might be a marketing bent," said Schneier. "People selling smartcards [for example] will do a lot to convince us that smartcards are the answer to security problems. For every company that's secure, there's at least one 'me too'."