Monday, August 25, 2008

Data Loss and ID Cards

Over at Sadie's place, a post on the government data loss story has spawned something of an argument (no surprise there). As a Labour blogger who does go on about the virtues of ID cards I'd like to explain why government data loss scandals are not proof that the government should not implement ID cards (above and beyond the simple reason that the NIR contains virtually nothing that isn't held elsewhere). I would like to point out that I work as a software developer in the private sector, so what I write is from professional experience and is more than mere party hackery.

First I'd like to talk about data loss, and my views on the matter. I regard data loss as inevitable: our personal data is held by numerous government agencies and often to an even greater extent by commercial companies. One of my previous employers was in the business of selling on personal data (with permission) to third parties for marketing purposes. And let's not even mention the publicly available data on the electoral register (although this is going to be tightened up). Given the huge number of agencies holding data, the number of staff who have access to it and the frequent transmission of the data, and given also the ease with which data can be stolen undetected (for example, a poorly built e-commerce website can have data stolen from it without its owners realising, and an employee with a spreadsheet of customer data could quite easily copy it onto a memory stick or send it through webmail undetected), I think there is a good deal of justification for this opinion.

The obvious worry with leaked data is that it could be used to impersonate someone, say to apply for a passport in their name, open a bank account, obtain credit or apply for benefits. One of the cunning parts of the ID card scheme is the biometric signature. The idea behind this is that if an agency, say a bank, wants to be really sure you are who you say you are, it can perform a biometric ID check. It works like this:

Customer: I'd like to take out a loan for £5,000
Bank Staff: Could you give me your details please?
C: My name is James Somebody, I live at 6 Some Street, London, E6 3ZZ
BS: Put your ID card here, and swipe your finger

Such a check could yield several results. An initial background check could reveal the details as completely fake. Alternatively, if the applicant is an ID thief who has done the legwork, the details would check out; the fingerprints would then be compared, and the fraud would be detected at this point because they wouldn't match. The point of ID cards is to neutralise the danger of data loss by strengthening the actual ID check: it would mean that data loss would not matter nearly as much, because the data by itself would be insufficient to commit ID fraud.

PS: I'm sure someone will point me to Ben Goldacre's article on biometrics, or the Mythbusters video, so I would like to point out the following. In order to fool a biometric scanner, you would need to first obtain or clone your target's ID card. You would then need to obtain their fingerprints; it's difficult to get both. A scan could ask for a combination of fingers, and this would effectively neutralise the use of fingerprints picked up off the card itself. Storing the prints on the card itself would be a bad idea for this reason. Also, the bank staff might notice that you're using gummi fingers.
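To make the layered check concrete, here is a small model of it, written for this page as an added example rather than anything from the post or from the actual ID card scheme. It covers both the counter check described above (background check on the stated details, then fingerprint comparison) and the point in the PS that the verifier, not the applicant, should choose which fingers are scanned and that the prints should live in the register rather than on the card. The register contents, identity number, finger names and template tokens are all constructed for the example; real biometric templates match fuzzily, so opaque tokens are used to keep the model deterministic.

```python
import hmac
import secrets

# Constructed toy register standing in for the NIR: identity number -> the
# details a bank would ask for, plus per-finger biometric templates.
# The prints are held here, not on the card, so a copied card on its own
# carries nothing the verifier would accept as a fingerprint.
REGISTER = {
    "NIR-0001": {  # hypothetical identity number
        "name": "James Somebody",
        "address": "6 Some Street, London, E6 3ZZ",
        "fingers": {
            "right_index": "tmpl-ri-7f3a",
            "right_thumb": "tmpl-rt-91c0",
            "left_index": "tmpl-li-2bd4",
            "left_thumb": "tmpl-lt-c55e",
        },
    },
}


def choose_challenge(finger_names, k=2):
    """Verifier picks which fingers to scan; the applicant never chooses."""
    return sorted(secrets.SystemRandom().sample(sorted(finger_names), k))


def verify(card_id, claimed, scanned, register=REGISTER, challenge=None):
    """Layered ID check: background check on the details, then biometrics.

    card_id   - identity number read from the presented card
    claimed   - {"name": ..., "address": ...} as stated by the applicant
    scanned   - {finger_name: template} captured by the reader at the counter
    challenge - fingers demanded; None means the verifier picks at random
    Returns "details_fake", "details_mismatch", "biometric_mismatch" or "verified".
    """
    record = register.get(card_id)
    if record is None:
        return "details_fake"  # no such identity exists at all
    if (claimed.get("name") != record["name"]
            or claimed.get("address") != record["address"]):
        return "details_mismatch"  # identity exists but stated details differ
    if challenge is None:
        challenge = choose_challenge(record["fingers"])
    for finger in challenge:
        presented = scanned.get(finger, "")
        # Constant-time comparison; a missing or wrong finger fails the check.
        if not hmac.compare_digest(presented, record["fingers"][finger]):
            return "biometric_mismatch"
    return "verified"


# Scenarios from the post, with a fixed challenge so results are repeatable.
JAMES = {"name": "James Somebody", "address": "6 Some Street, London, E6 3ZZ"}
CHALLENGE = ["left_index", "right_thumb"]


def fabricated_identity():
    """Details are made up: fails at the background check."""
    fake = {"name": "Nobody Real", "address": "1 Fake Lane"}
    return verify("NIR-9999", fake, {}, challenge=CHALLENGE)


def leaked_data_and_cloned_card():
    """Leaked record plus a copied card, but the applicant's prints are not
    James's: details check out, then the biometric step fails."""
    scanned = {"left_index": "tmpl-xx-0000", "right_thumb": "tmpl-xx-0001"}
    return verify("NIR-0001", JAMES, scanned, challenge=CHALLENGE)


def genuine_customer():
    """The real James at the counter: all layers pass."""
    scanned = {"left_index": "tmpl-li-2bd4", "right_thumb": "tmpl-rt-91c0"}
    return verify("NIR-0001", JAMES, scanned, challenge=CHALLENGE)


if __name__ == "__main__":
    print("fabricated:", fabricated_identity())
    print("leaked data + cloned card:", leaked_data_and_cloned_card())
    print("genuine:", genuine_customer())
    print("random challenge:", choose_challenge(REGISTER["NIR-0001"]["fingers"]))
```

The model makes the post's argument explicit: a leaked copy of the register record gets an impersonator past the first two checks and no further, because the only thing the final step accepts is a live finger matching a template the verifier chose. Keeping the templates in the register and letting the verifier pick the fingers is what makes a lost card or a single lifted print insufficient.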
