Feeds

back to article Minister defends National ID Register security

The National Identity Register will have very limited access, stringent security and no risk of 'discs flying around', MPs have been told. Home Office minister Meg Hillier defended the government's plans for its controversial National Identity Scheme, as she faced questions about data security from a committee of MPs. Hillier, …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

'No risk of discs flying around'

You mean they're not going to back it up? I approve but it seems a bit wasteful from a financial point of view.

0
0
Anonymous Coward

Red tape

And in a few years' time these stringent access controls will be attacked as red tape and swept aside in a cost-cutting exercise.

0
0
Coat

Only 100 people eh?

I am sure that they will all be upstanding, honest and hardworking Accenture employees that would never do anything stupid or make any other "Human Error" in the future.

Crap, why do they roll out complete nonses to talk about technical stuff. What worries me, is not what you are safeguarding against, but what you have forgotten.

And you don't know what you have forgotten, because you have forgotten it. When a minister pipes up and says, "You know what, there won't be a breach and when there is you can mutilate my children." then I'll believe that my data is safer with the government than it is with me.

Yes, yes, mines the one with the fetching tinfoil hood on it.

0
0

That's not what your legislation says...

Didn't the whole national identity register legislation allow for a wide range of groups to access the database?

There's no need to ship discs around because everyone will already have access. Voila! No security nightmare!

Nice one.

0
0
Black Helicopters

Question at the back

Er, how can both of these statements be true?

"fewer than 100 people will have access to the National Identity Database,"

Hillier said that the number of institutions were "too many to list" in response to "which bodies would be allowed access"

0
0
Anonymous Coward

Missing the point....again.

We're required under current EU law to have an ID cards scheme and an ID database that will mesh with a European-wide one, with biometric data and DNA samples.

Doesn't matter what we do to fight it, while we're members of the Superstate we've got to have it.

0
0
Stop

...To Buy a house

"He said that the vast majority of accesses will be initiated by the individual concerned, for example when they buy a house and need to prove their identity"

We are going to need an ID card to buy a house now. Crikey

0
0

Bollocks

Incompetence in a government project is not just possible, it is inevitable. Where there is no incentive to be competent, competence is a temporary aberration. Where you and I have the fear of being sacked, and a private corporation - even IBM - has the fear of bankruptcy, the government has tens of thousands of highly-trained men with guns.

When the government says "we'd like this new power", the correct response is not "only with safeguards", the correct response is "no". Effective safeguards cannot exist in an organisation with no reason to care whether its citizen's information is safe or not. Anything proposed as a safeguard is lipstick on a wild boar.

0
0
Stop

Many discrepancies here...

"The National Identity Register will have very limited access"

"fewer than 100 people will have access to the National Identity Database."

"Hillier said that the number of institutions were too many to list"

Any advance on 'too many to list' ?

0
0
Silver badge
Pirate

Oh really...?

> fewer than 100 people will have access to the National Identity Database

And I wonder how much a foreign government would have to pay to bribe them to sneak a copy like the Germans did with Lichtenstein's banking information...?

0
0
Stop

only 40% ?

"Asked if the government gauged public opinion on identity cards, she said the latest official findings were that 60 per cent of citizens were in favour." So only 40% are violently opposed. Well that's alright then. We'd better press ahead with all speed before the 60% wake up.

It's quite hard to read or understand when they're talking about the ID Card and when the ID Register. Less than 100 people can access one, but organisations too numerous to mention can read the other. err what? And of course this is where the public's perception and those 60% figures become important. There's probably quite a lot of people who wouldn't really mind an ID card providing they didn't have to carry it at all times but are deeply suspicious of the database behind the card.

Mine's the one with your Oyster card in the left pocket.

0
0
Stop

Ye flipping gods...

Philippe Martin needs his head removing from his crack. It's ALWAYS been about the National Identity Register; the amount of data collected, the intrusion upon our privacy and the inherent risk of data loss or corruption.

"Hillier said that the number of institutions were too many to list..."

****ing WONDERFUL; so we're back to local authorities' parks and gardens departments having unfettered access, as well as anyone willing to pay an access fee, just like they do with the DVLA records and census data.

"...but any organisation requesting access would have to prove it needed the information as part of an ongoing investigation."

By saying "We really REALLY DO, honest, really..." just like DVLA and census data and anything else they bloody feel like.

Can we have some form of "Jacqui Smith is a ****wit" icon, please?

0
0
Anonymous Coward

DVLA

Like the DVLA? They have data, it's commercially useful to private parking companies, so they sell it. Even though it's a civil dispute and they've only heard one side of the story!

How will this be any different? Government dept has lots of identity data that's commercially useful to many companies.

Some company will come along, claiming to need the information for some reason, and they'll get it. Once the tap is open, it will never be closed again, because ministers can never be seen to be wrong and so never reverse a decision.

Well if *x* can have that data why can't *y*. So y gets it too and evertually we're in the stupid position where anyone can get their hands on private data simply by sending in a fiver and a request.

0
0

Government have such contempt for our intelligence....

it makes me wonder why I vote. What is the point in collecting the data if it is not to be used? 100 people won't be sufficient to access 60+million records for user purposes, let alone input, the data maintain the system and backup/develop the system.

On the point of "user", it is normal(?) to consult and find out what the user groups want the system to do for them before building it. Is it reasonable to ask the questions - "who are to be the users?" and "what do they want the system to do?" Even if there were adequate answers then the debate on whether the objective was reasonable should still be had. If the answers are non-existent or woolly then were looking at another undefined state software project and even the good ones over-run.

The trouble is, even if we changed the Government the alternatives are still fishing in the same pond of polluted ideas so we'll just get a different toxic red herring to have taxes wasted upon.

0
0
Joke

Security of Data

I don't know how anyone, let alone the Government with their terrible record, still spouts the "this is secure" nonsense. All we can state with any certainty is that whatever humans can make, humans can break. And because the usefulness to organised crime of subverting or accessing such a database is high (in terms of things like monetary gain from identity theft) it will be targeted. Heavily.

Whatever security controls around such a database, they will be broken. End of story. Why not try focusing on limiting the impact of such a breach instead!

Joke alert - because the whole idea is laughable.

Posting anonymously - because I know too much

0
0

IPS is insecure already

They're outsourcing ID checks to a private company and allowing them access to IPS systems apparently borks their firwall. If these muppets can't even set up a simple VPN what hope do they have of keeping this database secure.

0
0
Stop

Once again, they don't get it

"Human error" as the excuse why things go wrong. Its never been human error, its the system and the way it works. People find ways to do what they want to do, going around whatever procedures you think you are going to enforce. This system, like the others, will never be secure.

You want an ID card? Fine

The terms are only 100 people can access it, they can't pass on the data, and if it ever leaks all 100 are put up against the wall and shot.

One of that 100 always has to be the Prime Minister.

Still want an ID card?

0
0
Coat

And how many?

And how many people at the revenue had access to dump 25 million records onto a disk - I doubt it was 100. The government couldn't reassure me on data security - ever.

Mines the one with a pocket full of cd's.

0
0
Black Helicopters

Lies, damned lies and government ministers

So, the government has moved from waffle to blatant lies in attempting to justify the ID database.

Any time a card must be validated there must be access to the database, so every card reader has access to at least part of the database. There will be tens of thousands of card readers.

While they are populating the database, hundreds of people all over the country will be involved with taking the biometric data and uploading it into the database. Will every single one of those people be security checked before employment, or will they just be the first people who apply in the job centre? How many of those temporary employees will keep a copy of the fingerprints of some famous person who randomly passes through their processing centre?

When the construction phase is complete, how many of the temporary access user names and passwords will be properly cancelled?

0
0
Stop

eh?

Can I just say b0ll0x?

0
0
Stop

Second look..

""From the point of view of the National Identity Register, there would not be discs flying around in that way. Anything that was ever downloaded would be encrypted. There would be severe access controls," said Hillier."

Hillier, I don't know why but when I first read that it came across as Hitler?! - maybe my subconscious is telling me something.

0
0
Anonymous Coward

Liability

Just suppose the government manages to convince the public this is a good idea (or dupes us into thinking we had a choice) and sets up such a database.

Then just suppose there is a breach of security (unthinkable) and the whole population's details are in the hands of a ne'er-do-well. Then someone becomes a victim of fraud. Will the government be liable in the same way that banks are?

What if 60 million people lose their savings? Who is going to pay for it? The government (aka the taxpayer)? So even if the government accepts liability we have to pay anyway.

Five minutes of thought shows that lumping all our details together in one location is far too risky to even consider.

I'm not against an ID card (after all, I already have an NINO, a driving licence and a passport - not exactly anonymous am i?), but what's the point of the biometric stuff? Surely a recent photograph is enough.

If they ever get this up and running, I'm moving my bank account to Lichtenstein.

0
0
Thumb Down

Another Expensive Inconvenience

"Needed to buy a house ... " Do I detect another way to make them ID Cards compulsory (at least for the muddled mortgaged classes). Goodness me I bought and sold houses for nearly 40 years without the need to do more than to affix my signature to a contract and rather too many cheques.

Supporting criminal terrorism? Mine's the concrete overcoat ...

0
0
Silver badge
Black Helicopters

Re:DVLA

Spot on!

Security isn't the issue, here!

If the DVLA will sell your name and address to barely legal clamper-thugs it is safe to assume that HM Gov will cheerfully sell the even more sensitive data in the ID database to any lowlife willing to pay for it.

Nothing to hide, nothing to fear? Think again.

0
0
Stop

Severe access controls ... at first

He misses the point. The issue isn't what the access controls are now, or at launch, the issue is what the access controls could be like 20 years from now when goodness knows what might have happened.

The only way to be sure data is secure in perpetuity is to not collect it in the first place. Any access controls can only ever be described as "for now". Indeed, the one thing Parliament cannot do is constrain its future actions.

0
0
Stop

Oh dear oh dear oh dear

"We're required under current EU law to have an ID cards"

No, we're not. And even if we *were* there's no requirement for them to be linked to your bank account, land title deads etc. etc.

From the article:

"National Identity Register will have very limited access, stringent security and no risk of 'discs flying around', MPs have been told."

Err, didn't they say that they sell access to anyone ?

"fewer than 100 people will have access to the National Identity Database"

That's a lie then, at a guess ?

"In rare cases the security services will be able to access the database, but not the NHS"

So the whole 'id cards help you get treated in hospital' spin is buggered then, as they'll now just look your name up on the NHS Spine from your credit card ?

What a even more expensive and silly exercise this is turning into.

Maybe it's time you all joined your local http://no2id.net group...

0
0
DR
Unhappy

40% against...

of course means 60% for...

but I was never asked,

I doubt that 99% or more of the population have been asked.

is this a case of we asked a ten people who we found in a meeting and only 4 objected.

that doesn't take into account those who didn't object but were actually not for ID cards.

or do they assume that ID cards were a govermnent proposal and 60% of people voted for a party with that on the agenda completly ignoring all other agendas,

can we use the same logic to say that 60% wanted to go to war?

I don't think you can.

deeply unhappy face: i feel misrepresented

0
0
Black Helicopters

@ooFie..

Nope, I read it as Hillier as Hitler, too.

Visions of jackbooted thugs boarding the train and demanding to see your ID...........

0
0

Re: Maurice

What indeed is the point of voting? A politician's career can last 30-50 years. In our two-party musical chairs system, government and opposition generally rotate every 4-12 years. You don't need to be a professor of mathematics to divide B into A and figure out that if you're a politician, getting your stupid arse into power is not about pleasing the electorate. It's about patience.

I'm not saying voting is completely irrelevant, but it's much less important than good citizens are supposed to think it is. The main issue is not who's in the government, but how many people are in it.

0
0
Coat

Please present your ID card before boarding the 08:50 from Oxford to Reading

"If you look at what has happened in the past we had a passport which was used for external verification of identity, national insurance number which was used internally, and now 80% of British citizens have a passport and we actually really should see an identity card like a passport "in-country" if you like that entitles people, well it doesn't, we're not using it as an entitlement card but it gives people easier access to certain services".

Meg Hillier MP

Careful Meg, you don't want to let the cat out of the bag.

http://www.parliamentlive.tv/Main/VideoPlayer.aspx?meetingId=1201

01:42:30 in

Just checking the internal passport's in the pocket - I'm off to the shops.

0
0
Coat

Will it apply to ministers?

If you need your id card to hire a hooker , pay off your rent boy, make an offshore bank transaction, submit an expenses claim (etc, etc) . i'm sure it will become very secure.. Anyone want to develop this list a bit???? and who's up for setting up a cumulative bounty to find the first leak in the database SPECIFICALLY on a serving minister?

Mines the pvc one with the bunny ears...

0
0

Contradicting themselves

They've stated that they have no intent to sell access.

However, they then say that they are extending access to other government organisations and selling access to defray the costs.

Now they say they won't sell access and the access to the database will be limited.

Is there any surprise we don't trust them as far as we can throw them up?

I'm sure El Reg can trawl the back catalogue and find the three statements above...

0
0
Coat

60% for ID cards

means that only 40% actually actively _opposed_ them, and the rest didn't like them but wouldn't particularly care.

Curse the 'meh.' voters!

0
0

Points Of View

Maybe the problem is Hillier cannot count up to 100, so therefore she can't list the <=100 institutions that will access. Not a lie at all. Just a concrete example of inumeracy.

As to needing it to buy a house, well they need to know you really exist. I mean, without an ID card, you may not actually be there, making selling you a house very difficult.

And I would say that 102 people need to be shot if there's a single breech:

100 is all the people who have access

1 is the prime minister who was in charge when this went ahead

1 is the current prime minister

The original PM is needed because when the reluctant say "you'll abuse the information" they respond with "not us, we're nice" and assume that any future government would be nice. Well, how much do they believe that? With all their heart?

0
0
Coat

spinning stats 101

take an example of standard stats on an issue

20% in favor

40% nutral

20% opssed

so the side lobbying for it say 60% will suport us and the side opssed say 60% opssed and boith sides clame to be suporting the will of the pepol whail the majority of the pepol switch chanle and watch pop idol

0
0
Anonymous Coward

no risk of 'discs flying around'

But then they would say that, wouldn't they?

The real question is why these rank incompetents think that anyone believes a single word they say any more...

0
0
W
Stop

list > 60 million?

"Hillier said that the number of institutions were too many to list"

And yet they're confident about creating a list of the whole population.

So if... UK Population = 60million

surely... "the number of institutions" > 60 million.

Crikey.

0
0
Coat

time

......for the revolution people!

Its happened before, it can happen again, how many of the common man is appalled at the way the "government" supposedly support and represent the majority of the British people.

Its time for a major rethink in British politics and the way the fat cats are voted for.

The coat because i couldnt find the black helicopter after my *terrorist* like rant!

0
0
Pat
Paris Hilton

Couple of general questions

As regards the National Identity Register, which of these two statements do you feel is more likely?

a) There is some essential benefit to this country and it's citizens, but the politicians haven't got around to telling us what it is;

Or

b) Politicians want as much power over us as they can get because, broadly speaking, most of our thinking and behaviour is of necessity more practical than politically-correct, and so professional politicians see us as a threat to their privileged lifestyles.

And while thinking of a threat to their privileges, would the budgets for Government projects be more realistic and better managed if any financial over-run first had to be made up from the pension-funds and savings/property of those responsible, though only to a degree that would let them learrn rather than ruin them financially such as:

5% of the funds of MPs who held any Ministerial post relevant to the project;

1% of the funds of all other MPs;

3% of the funds of all involved senior civil-servants?

(And if you think this would stop government from doing anything that wasn't absolutely essential, well, that might be a significant improvement.)

Paris because, like politicians, the budget is irrelevant to the spend..

0
0
Gates Halo

Just, wow.

Ms Hillier, and I add my voice to those who read that as 'Hitler', clearly thinks that we're as stupid as she is. Quite apart from the excellent points made above, she seems to have stated, with concrete certainty, capabilities of a system that, AFAIK, hasn't even been /specified/ yet

She can give all the reassurances she likes, but until the system has actually been implemented (a spec is not sufficient, especially in a government IT project), they're all so much ill informed bullshit.

I particularly enjoyed her "two baskets" analogy, which demonstrates very clearly her ignorance of any technical detail whatsoever. Hint : Two databases, both of which must contain an identical unique identifier for each record (in order to JOIN them together, duh!), are effectively just one database you dumb bint.

And as for :

"How many organisations will have access to the database ?"

"Oh, to many to list" .

Oh well, that's just fucking peachy then. Thanks a bunch. Consider me properly reassured. And by the way, is the weather on your planet nice ?

Halo'd Bill, because this lot make even him and the Balmernator look like the diet pepsi of evil, and because we haven't got a suitable jackbooted facist icon yet, hint hint.

0
0
Thumb Down

Pin it on the EU

But which nations euro MPs pushed that legistlation through eh?

0
0
Anonymous Coward

Re: ...To Buy a house

"We are going to need an ID card to buy a house now. Crikey"

Yeah, but don't worry, the cards are not compulsory. You can always sleep rough if you prefer.

0
0
Flame

Weasels

Can't these lying weasels even tell each other the truth?!!!!

"Less than 100 people will have access." I'm sure what she means is that less than 100 BOFHs will have access to the entire database at once on the server farm and could steal the whole thing in one go.

"there would actually be two 'baskets' " = The information will be in 2 places but each bit will only be stored in one basket.

"the number of institutions were too many to list" = Anyone with a council ID up or a wheel clamp will be able to access it but they can only download as many single records as they want, not have the whole set delivered in one go. So that's OK then.

"but any organisation requesting access would have to prove it needed the information as part of an ongoing investigation." = We won't give the whole thing away at once (anyway it would soon get out of date if we did) we'll hand over as many records in real time as anyone wants. If they weren't investigating something they wouldn't ask.

"there would not be discs flying around in that way" = No, the database will be terrabytes of data. We'll send it round on tapes or hard drives as the pile of discs would be too big. "Bob, have you got DVD-R number 623 from the ID database? Sorry mate, I've only got half the 500s. it's got to be here somewhere; Ask Tracy"

"the biometric data will be held at a higher level of security than the biographical information" = We'll keep all those shiny biometrics that we want so much safe but we don't care about the stuff that most criminals would actually use to commit identity theft against you. YOUR ID getting stolen doesn't cost US any money and we'll use it as an excuse to introduce more surveillance later.

"The passport database is certainly a very secure database. The average man and woman in the street are not worried about it." - Because very few organizations have access to it and nobody has been publicly exposed for fucking up YET.

"she said the latest official findings were that 60 per cent of citizens were in favour." = Only about 40% of the population know anything about it yet.

"Hiltler, who has responsibility for identity cards, said it was important to win public confidence in the scheme" - BEFORE people find out what it really entails. Show me your papers please.

0
0

BBC1, Sundays, 9pm

"The Last Enemy"

Good propaganda for ID cards etc.........NOT.

0
0
Thumb Down

For the chap who doesn't believe there'll be a pan-EU identity card....

EU Scheme aims for ID Card interopability:

"http://www.itweek.co.uk/itweek/news/2199858/eu-scheme-aims-id-card"

Here's the link showing that the UK's "Identity and Passport Service is leading the integration project":

http://www.epractice.eu/document/3983

Here's the formal agreement from Portugal in 2007:

http://www.eu2007.pt/NR/rdonlyres/FAA18F0D-1519-4F85-BF08-950238146875/0/Ministerial_Declaration_Final_Version_120907.pdf

This is clearly about identical standards and information sharing across EU nations. In my opinion the chance of a pan-EU identity card is 100%.

0
0
Anonymous Coward

"Latest official findings were that 60 per cent of citizens were in favour"

Hahaha, how many "citizens" exactly?

0
0
Anonymous Coward

<no title>

What I want to know is how they intend to stop governments, present & future, from getting to see it and misusing it.

The passport database may not have worried the average man and woman in the street in the past, but now they are going to want biometrics, I for one no longer trust it.

I am not a criminal. And would not become one, unless, in the future, parliament defines ridiculous crimes that would risk any decent citizen being labelled as a criminal. Therefore there should be no intimate record of me held by the State. We are free citizens, we must ensure we stay that way. The State is there for the benefit of the citizen, not vice versa.

0
0

for the chap on about EU Scheme aims for ID Card interopability:

Any idea which Euro MPs pushed that through?

Sneaky suspicion they might be brits - but I haven't figured out where to find that info.

0
0
Anonymous Coward

Where is Hillier at fault?

Telling the truth is possible only if you know the truth. Ministers generally have to be briefed about issues. To come out with such palpable contradictions as Hillier did means either she was badly briefed or just didn't understand it. Unless senior civil servants are now far more negilgent than I realise, the latter is clearly the case. Perhaps McBroon is so insecure that he needs to surround himself with stupid people - unlike Stalin, he can't just have them shot.

0
0
Anonymous Coward

Am I the only one that read Hillier as Hitler?

Am I the only one that read Hillier as Hitler?

0
0

Page:

This topic is closed for new posts.