|
ID cards: the truth
Related issues |
News /
ID Cards Will Use 'bog-standard' Chip & PIN16 March 2006 Remember how the government keeps insisting that identity cards will be ultra-secure because they will use biometric technology? Well now it has been announced that most identity checks will rely on Chip & PIN verification like credit & debit cards. All you'll have to do is key in a PIN number. The key government argument for biometrics was that no-one (if the system worked properly) would be able to impersonate you because biometrics are near-unique. But if all you need to pass most ID checks will be a card for which you know the PIN, then surely that opens up multiple opportunity for use of sophisticated forged ID cards? Once again it comes down to a huge amount of hassle & expense for the public, that is not justified by the limited benefits of the ID registration system. Phil Booth, national co-ordinator of the No2ID campaign, said the Home Office’s ‘gold standard’ of identity has now been reduced to little more than a bog standard chip and PIN card.
He said in a statement: “After all its overblown claims about the infallibility of biometrics and how highly secure its ID system will be, it turns out our identities are to be protected by nothing more than a four digit PIN. The Home Office may as well give away all our personal data to organised criminals and fraudsters, who will always target the weakest point in a system.”
More good analysis from SpyBlog: http://www.spy.org.uk/spyblog/2006/03/andy_burnham.html [Junior Home Office Minister Andy Burnham] really does not have a grasp of the technology, and appears to have wasted £30 million of public money spent on consultants, who one would have expected by now to have produced a clear specification of the scheme, suitable for invitations to tender, something which is impossible if no firm decisions have yet been made on the systems architecture ... there is no estimate of the cost of the less secure nut still expensive national network infrastructure of "Chip and PIN" readers either ...
Given that the costs of installing a secure network, infrastructure exceeds the cost of the actual reader devices at the extremities of the network itself, and "intermediate" "Chip and PIN" scheme may not save any money whasoever ...
... If the level of identity verification is no better than for existing credit cards, then how will this scheme reduce "identity fraud" in any way whatsoever ? ...
... Biometric Passports and Machine readable Travel Documents to the International Civil Aviation Authority standards, which are touted as being one of the main driving forces behind the Identity Cards Scheme controversially use contactless radio interfaces (which are full of their own security and privacy risks).
The "Chip and PIN" systems used for credit card and debit cards etc. deliberately use contact smartcards which you insert into a reader slot.
It is possible to create smartcards which are both "contactless" with antenna loops and to also have electrical contacts on them as well. In that case, the Government's promises of a 10 year lifetime for the ID Card become meaningless, since there are no such systems in widespread use in the world, upon which to base susch estimates on.
The wear and tear on the electrical contacts of a credit card "Chip and PIN" smartcard are one of the limiting factors in its physical lifetime.
The antenna loop needed for a "contacless" / RFID ICAO Passport compatible smart card runs around the periphery of a credit card and so will be at risk of damage due to flexing of the card when it is insereted or extracted from a contact reader. This is exactly why "contactless" cards or passport booklets have been touted as a solution.
To combine both of these technologies on a single card is expensive and unecessary and increases the risk of equipment failures.
No "Chip and PIN" credit card is designed to last 10 years, and this is one of the points upon which both the London School of Exonomics and even KPMG have questioned the Home Office's unpublished cost estimates on.
Remember that the Identity Cards Bill makes it your fault if either the ID Card or the Reader fails, not that of the Government nor the supplier nor any subcontractor operating the scheme ...
... A separate network of "Chip and PIN" readers is unlikley to be cheap either, and would offer even less security than biometrics.
Remember that the existing retail / banking / credit card "Chip and PIN" online network infrastructure does not extend to Government departments or the National Health Service or to every employer (supposedly to combat illegal immigrant workers) in the country, which is where the scheme is peresumably intended to be used.
If even banks cannot be persuaded of the business case for installing biometric readers, then why would any other business do so ?
There has been previous Home Office kite flying about the retail credit card "Chip and PIN" infrastructures in the pathetic "Regulatory Impact Assessment" in 2004
They refused to make any cost estimates about this, but seemed to somehow expect it all to getupgraded to include compatible biometric readers in the future, for free.
|
NO2ID campaign Defy ID network |
