This is the story of a piece of paper no bigger than a credit card, thrown away in a dustbin on the Heathrow Express to Paddington station. It was nestling among chewing gum wrappers and baggage tags, cast off by some weary traveller, when I first laid eyes on it just over a month ago.

The traveller's name was Mark Broer. I know this because the paper - actually a flimsy piece of card - was a discarded British Airways boarding-pass stub, the small section of the pass displaying your name and seat number. The stub you probably throw away as soon as you leave your flight...

...I picked up the stub, mindful of a conversation I had had with a computer security expert two months earlier, and put it in my pocket.

If the expert was right, this stub would enable me to access Broer's personal information, including his passport number, date of birth and nationality. It would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.

It would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US - and raise serious questions about the sort of problems we can expect when ID cards are introduced in 2008.