By Andy McCue, 18 October 2005 16:00
NEWS Microsoft has warned the UK government's national ID card plans pose a huge security risk that could actually increase the likelihood of confidential personal information falling into the hands of hackers and criminals.
A top security and identity management expert at Microsoft said the current technology proposals are flawed and criticised other IT suppliers for failing to speak out publicly about their concerns for fear of damaging any future bids for a piece of the lucrative ID cards contract.
Jerry Fishenden, national technology officer at Microsoft UK, told silicon.com the current plans for a central national identity register could lead to "huge potential breaches" and leakage of personal information.
He said: "I have concerns with the current architecture and the way it looks at aggregating so much personal information and biometrics in a single place. There are better ways of doing this. Even the biometrics industry says it is better to have biometrics stored locally."
Fishenden said no systems are ever completely secure and warned that putting vast amounts of personal data and biometric information such as iris, fingerprint and facial scans in one central database would prove too tempting a target for hackers and other criminals.
Microsoft has expressed its concerns directly to the Home Office ID cards team but Fishenden said other suppliers are keeping quiet about their fears over the viability of the current proposals because they want a piece of what would be a multi-billion pound project.
"Every supplier I talk to privately expresses their concerns," he said. "They seem happy to express their reservations to each other. But I don't think we have been as vocal as we should have been on this debate."
Microsoft's comments come as MPs are due to vote on a third reading for the Identity Cards Bill and just a day after Home Office minister Tony McNulty admitted to problems with the proposed biometric technology recognising some people, such as those with brown eyes.
His statement followed a report in the Independent on Sunday warning that one in 1,000 people could be incorrectly identified by the biometric systems because of difficulties in identifying those such as manual labourers who wear down their fingerprints.
Comments
There are 18 comments. Join the discussion
1. R. Bencheikh
I have to agree with Microsoft this time (arrrr....), a successful ID card scheme has huge benefits. A failure, however, could damage the reputation of the IT industry. This hybrid biometric technology currently being touted by the Home Office is still far from being 100% robust for a project of this size and importance.
R. Bencheikh
http://www.thebiometrix.com
2. Ed Carroll
Thanks goodness a corporation with some clout has finally spoken up about this complete shambles of a system – I certainly hope that the mainstream media picks up on this article and make the general public aware of the facts. Mainly because Microsoft (liked or loathed!) are as well known to the general public as say CocaCola or Nike and this is the attraction; people without technical knowledge will read and understand the what is being said and Mr Fishenden’s comments and will hopefully have an impact on them and in turn our inept government!
3. anonymous
When me, or my company, start taking security advice from Microsoft it will be a black day.
I'm not saying they're wrong, I'm simply saying they cannot seriously expect people to listen.
Anyway, what was Passport about if not a universal Internet ID card?
4. Karen Challinor
too little too late
the fifteen or so people who actually attended the debate did try to make an amendment but failed, the rest just registered their block votes as usual
the only hope is that the lords block it now
5. Geoffrey Darnton
...and particularly if it is a Microsoft platform? It is absolutely commendable that Microsoft have made this fundamental point and put it squarely on the table. However, the dangers would be even greater if the proposed platform was a single proprietary vendor - and one such as Windows/DOS which has very weak memory management which permits easy exploits of the core operating system. Any platform, if one goes ahead against all the advice that it shouldn't, should be at a minimum hybrid and open source - no proprietary platform can be verified publicly with confidence.
6. anonymous
Since the IT industry can't help but put their snouts in the trough, Microsoft shouldn't expect any public backing. An IT company with a failed multi-billion contract, is still an IT company with a multi-billion contract.
And I've yet to see a single example of the "transferring risks to the private sector" fiascos result in anything other than the Government bailing out the scheme with tax payers money to avoid embarrassment and searching questions about these so called PFI initiatives.
7. Tim
Microsoft getting something right for a change - there is something you dont see very often
8. Jerrold Baldwin
Let's drop ID cards now before we waste any more money on this terrifying yet unworkable idea.
9. anonymous
Shouldnt the headline be 'Microsoft Finally Talkes Sense'
on a more serious note good on them.
10. Tim Jackson
Well hats off to Microsoft. I never thought I would see the day when I said that.
But indeed, the emperor is a pair of underpants short of being decently dressed.
Creating such a big prize as an identity database can only turn the most ingeneous of criminal minds to hacking it, and at best only serves to escalate a security arms race.
11. Drew Edgar
Sense at last.
How much better could the money be spent on
(1) vastly more Police out in the streets, to bring our per capita deployment in line with other European countries;
(2) vastly more immigration officers pursuing an aggressive policy of prevention & immediate deportation/repatriation of the criminals who flout our 4 countries' laws.
The undoubted Moslem terrorist threat has been spun by this corrupt government in order to introduce draconian legislation affecting our life & liberty; identity card is but the tip.
Yet they have simultaneously prevented our police from effectively carrying out their duties by imposing farcical restrictions & voluminous new/additional paperwork, which serve no genuine purpose in improving out safety merely in serving left wing dogma.
In keeping with this they are presently proposing a "rationalisation" of the number of forces serving the public - which will only cause more chaos & confusion & incur non productive expense.
12. anonymous too
Well anonymous of Manchester, you hit the nail on the head with your last comment: I'm sure that a very nice man from MS will be more than happy to pop-a-long and advise our Government on buying an SSO identity system from an even nicer man in Redmond.
13. misceng
An IEE lecture I attended was addressed by speakers who were advising on the ID card scheme. They admitted the flaws in biometrics. From this it was estimated that about 60,000 honest citizens would be denied their rights because of faulty identification. Since the Commons has just passed the third reading of the bill our only hope is the House of Lords rejecting it. Then when it returns to the Commons, how can we convince the non technical MPs of their folly?
14. anonymous
Hands up who thinks the Government will take any notice of Microsoft or the Independant newspaper????
I know where my money is. Good old Tony B has never let logic or reality get in the way of his plans (see Iraq war).
15. Malcolm Ripley
If large databases are such a security risk why aren't all the criminals very rich? After all, all the banks have databases that are accessed every day by millions of retailer connections using similar technology to that proposed for the ID cards. In fact the current bank/credit cards are less secure.......
Anti ID card hysteria is lowering peoples IQ. As for Microsoft, be afraid be very afraid about their objection !
16. Jamie
ironic, windoze is the real threat
17. Joe Whitehead
Actually, Malcom Ripely, you should search for articles on the loss of credit card information recently.
18. Peter Morris
Thank goodness some one else see scence How can the govement justife wasting our public money on something that dose not work