Print
Discuss
Send to friend
RSS feedsMicrosoft yesterday called for a reconsideration of the UK government's plans for a centralised database containing ID card data, maintaining that there are deep-rooted industry concerns.
Jerry Fishenden, the software giant's national technology officer, suggested that industry representatives are not speaking their minds, and are failing to voice widely held opposition to Downing Street's controversial plans.
In a bid to verify these assertions vnunet.com today conducted a poll of IT industry insiders.
Fraser Thomas, chief executive at secure authentication firm Swivel Secure, warned that the security risks are enormous.
"Such a database would be a mix of existing databases which could feature flawed data, and the security of such a large database would be a real unknown, " he said.
"External hackers and even authorised users would be a major threat. And when the database fails and goes down what would happen? Would the UK grind to a halt? Probably.
"The card itself is also a major problem. No matter how it is made it will be forgeable. People will always make sure that they can get legitimate cards in fraudulent names."
Stephen Philippsohn, head of fraud litigation at legal practice Philippsohn Crawfords Berwald, disagreed.
"Much of the concern about ID cards has focused on the formation of the National Identity Register, with fears that it could be vulnerable to hacking and would create a snap-shot of the card bearer's lifestyle, fuelling anger as to a Big Brother Britain," he explained.
"But this has been countered by the disclosure that much of that information is already held by the government and, in creating an official register, every access to the database would be similarly recorded, helping to safeguard civil liberties."
David Porter, head of risk and security at IT consultancy Detica, said: "The key to success will be getting the enrolment process right and making sure that those turning up for biometric registration are who they say they are.
"How do we avoid a situation such as we have with National Insurance numbers where there are several million more entries in the database than there are legitimate holders in the population?"
Phil Richardson. managing director at email security firm Entrust, said: "The debate is not really about how it happens but when it happens. Best estimates are for the later part of a decade, so what do we do in the meantime?
"I believe we need to implement two-factor authentication (something you know, and something you have) in the meantime.
"This will give public and private sector organisations a means of solving the increasingly thorny subject of identity without the upheaval and expense of a full biometric system, which provides a three-factor authentication system."
All Privacy & Data
del.icio.us
Digg this
reddit!
