Wednesday, 21 November 2007

Have They No Shame?

The loss of 25 million people's personal data by HM Revenue & Customs after it was dumped onto CDs and sent unrecorded to another Department demonstrates a shocking disregard for data security and privacy. The Chancellor is reported to have used this momentous blunder to justify the introduction of Identity Cards.

The proclamation that "without the protection of the [ID] scheme, information was more vulnerable than it should be."1 was made in response to strong questioning on the subject by Shadow Chancellor George Osborne.

Darling's basis for this statement appears to be the proposed use in the ID database of biometric data2:

"The key thing with ID cards is that information is protected by personal biometric information," said Darling. "The problem is we do not have that protection [on the lost HMRC information]. ID cards match up biometric information with information held — there would be a biometric lock with the ID cards system."
This quote has mystified anti-ID campaigners and political opponents alike, for how a "biometric lock" (whatever that is) would have prevented the sort of data loss that has occurred with the Child Benefit database is unclear. As Phil Booth of NO2ID pointed out2, the use of biometric data as a key would only truly safeguard personal data if every use of that data were "every use of a person's data, including transfers between government departments, [were] authorised by that person physically providing their fingerprint"!

Hardly likely. And we the people who if the Government get their way on this will be forced onto the National Identity Register have absolutely no reason to be confident that the data on that database will be treated with much more care than that on the Child Benefit database. Even the least concerned about personal privacy have good reason to be worried. If the database that went missing in the past six weeks represents a gold-line for fraudsters and identity thieves, the National Identity Register will represent the absolute mother lode.

Why? As explained by anti-ID campaigner Trevor Mendham in his explanatorily-titled article 'Single Point of Failure'3:

"Today, if someone steals/fakes your credit card they can spend money as you. If they steal/fake your work ID they can enter your office as you. If they steal/fake your gym/club membership card or whatever they can interact socially as you.

If they fake your National Identity Card they will be able to do all that - and more. ID Cards are a skeleton key to your identity. Instead of faking many pieces of identity, the criminal/terrorist only needs to fake one thing." (bolding mine)

American 'security guru' Bruce Schneier4 makes the same point in his essay opposing the introduction of a US equivalent 'A National ID Card Wouldn't Make Us Safer'5, in which he says "There are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there's greater incentive to forge it".

'Ah, but biometrics will stop that being a problem', the ID advocates will almost inevitably say. Perhaps they should think again. Biometrics such as fingerprints have a non-zero failure rate and can pose difficulties for individuals with skin problems or damage6. There is also concern that they too can be forged. Commercial fingerprint scanners have been experimentally shown to be fooled by artificial fingerprints and even a photocopy of a fingerprint7,8!

Darling and his supporters on this issue are either ignorant of the critical technical problems with what he is saying...or they know, and hope the electorate don't realise. Whichever is the case, in the face of such a catastrophic failure of data security, have they no shame?

6. (Pages 910)

No comments: