Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

IBM researcher slams UK ID card scheme

It will be expensive, insecure and it won't work, reckons expert.

By Manek Dubash | Published: 05:28, 19 May 2006

IBM researcher Michael Osborne, whose job is research into secure ID cards, slated the UK government's ID cards scheme on the grounds of cost, over-centralisation, and being the wrong tool for the job.

Based in Big Blue's Zurich research labs, where the scanning tunnelling microscope was invented and won its inventors a Nobel Prize, Osborne said that the problem is neither the cards nor the fact that the scheme is intended to use biometric technology.

The big issue is that the UK government, plans to set up a central database containing volumes of data about its citizens. Unlike other European governments, most of whom already use some form of ID card, the central database will allow connections between different identity contexts - such as driver, taxpayer, or healthcare recipient - which compromises security. Centrally-stored biometric data would be attractive to hackers, he said, adding that such data could be made anonymous but that the UK Government's plans do not include such an implementation.

Osborne added that biometric technology is still immature. "It's not an exact science", he said. In real world trials, some 10 per cent of people identified using iris recognition failed to enrol - which means the system didn't recognise them. Even fingerprinting is no panacea, as four per cent failed to enrol. Scale that up to a whole population - the UK contains nearly 60 million people - and the problem of biometric identification becomes huge, he said.

Osborne also criticised the government for the potential cost of the system. He said that it will cost a lot more than anyone thinks, pointing out that a project of this size hasn't been tried before, so the government's projected costs are not necessarily accurate.

Finally, Osborne also used a dozen criteria, including whether or not such as system is mandatory or time-limited , to show that on all but two, the UK Government's scheme fails - even before controversial civil liberties issues are considered.

And as for whether ID cards are the right tool to defeat terrorists in the first place, security expert Osborne said: "ID cards won't solve the problem because terrorists don't care about identification - and they'll have valid IDs anyway. The issue is the central database.

"But no-one knows if it'll work, or if it'll be accurate enough - it's more about perceived security than actual security."

Osborne suggested an alternative, which involved keeping the data on the card. With such a system, only the template is downloaded and identity processing happens on the card using Java and local data rather using centralised storage and processing.

He added that since terrorists wanted to be identified, having an ID card was unlikely to be a deterrent. "However, in some previous studies, some criminals were found to be deterred by the need to possess an ID card."

Osborne's remarks were made in a personal capacity during a visit to the Zurich labs, and did not reflect IBM's corporate viewpoint.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.