To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/government/0,39024677,39119176,00.htm

Hacking tests begin on national ID database
Except there isn't actually a database, or ID cards, yet…

By Andy McCue

Published: Monday 15 March 2004

Security experts have begun work on threat and vulnerability tests to ensure that the National Identity Register database, which will form the basis of the UK's controversial ID card scheme, is secure from hack attacks and unauthorised internal access.

The threat assessment is being undertaken despite the fact the specifications and design of the database and its security features have not yet been established. No decision has been taken on the nature of the biometrics to be used on the ID card itself, which has not been passed by Parliament.

Home Office minister Beverley Hughes revealed the progress on the ID card scheme in an answer to a Parliamentary Question last week.

"The security and integrity of the database are integral to maintaining trust in the Identity Cards scheme," she said. "Home Office officials are already working with security experts, to ensure that security issues are considered from the start of the database design, and with other government departments which have similar databases with similar security needs, such as the United Kingdom Passport Service."

Hughes said there will be further public and stakeholder consultation on ID cards after the results of the UKPS' six-month trial, which is due to begin this month, that will test the recording and verification of facial, iris and fingerprint biometrics using 10,000 volunteers.

Questions have also been raised about problems authenticating identity in some categories of individuals who have a higher failure rate with certain biometrics.

Hughes said: "One of the specific objectives of the UKPS pilot is to test biometric enrolment on a sample of people who may have difficulties with enrolment. Data gained from this pilot will inform the design of the Identity Card scheme's enrolment processes and procedures for enrolling those unable to provide certain biometrics."

On the issue of 'scope creep' and the possibility that the National Identity Register could end up being used for more than just ID, Hughes said organisations querying the register will not be able to get other personal information such as health or tax records.