By Nick Heath, 15 April 2009 16:57
NEWS
...security really is."
Longbottom added that the system was also vulnerable to PIN numbers being spied on in public and to criminals hacking terminals to steal card transaction and PIN details.
Cambridge University security researcher Richard Clayton added that PIN functionality could open up new avenues for identity fraudsters.
Using a PIN number to prove identity online and access government services risked fraudsters setting up spoof public service sites to steal PINs and personal details, in the same way criminals set up fake banking sites today, he said.
"You could find somebody using your PIN to log into the [Department for Work and Pensions] website and redirect your pension to a different address."
Clayton warned chip and PIN could threaten the entire project. "Introducing new ideas and changing the specification in the middle of a project is a recipe for the whole thing not working. This is why so many government IT projects go over budget and fail.
"If it was such a good idea why was it not introduced at the beginning?" he said.
Fraudsters may have some time to wait for the inclusion of chip and PIN functionality on ID cards, however.
Apacs' Whittaker added there have been no indications from discussions with the IPS or from ID cards legislation that the inclusion of chip and PIN technology is being considered, despite the fact that the cards will be made available to the general public in two years' time.
"What a wonderful functionality that would be but that's not going to be flagged as being available in identity cards, which leads us to believe that there is no EMV functionality in the card," said Whittaker.
"You can see no evidence that says it is going to be implemented.
"Going back to the strategic delivery plan and secondary legislation I find it questionable how those aspirations can be met."
Indeed, the inclusion of chip and PIN functionality would appear to be backtracking by the government.
Earlier this year in response to criticisms about missing PIN functionality, identity minister Meg Hillier argued against adding too many features to the card.
"If you try and lay too much on something then you risk overwhelming it and making it too complex," she said.
Comments
There are 7 comments. Join the discussion
1. karen challinor
so 49 items of personal information, your life history and your biometric data are not judged to be secure methods of verifying your identity any more, not that I believe that was ever the purpose of gathering the data
and this is mainly because no one outside government can access either the chip on the card or the central database, so these details cannot be used to verify your identity and are a completely useless invasion of privacy
so they are thinking of throwing chip & pin on there too but still want the other details as well despite the minor detail that they are useless to anyone except perhaps the government
and we are still going to have to pay for it regardless of what happens because they've carefully linked all the database requirements into the passport system under the guise of extra security
so even if the next government gets rid of the scheme UKIPS will keep the database alive and kicking so it can easily be reinstated should Labour ever win another election
I wonder how much passports are going to cost in a couple of years
2. Radical Meldrew
Oh do be serious and pay attention at the back - yes that's you lot on the benches. Wake up!
Credit cards are compromised every single day - even PIN numbers do not present much of a challenge to a determined crook. Why should ID cards be any different?
3. Roger Huffadine
Function creep
4. anonymous
A bit late in the day to be making fundamental changes now isn't it ?
Can only increase costs.
On the lighter side, as Chip and PIN is well established, little development required. Indeed the cost of the technology is so low, that the banks (yes the banks !!) just...... give the cards away, even if you lose them.
Maybe The Home Office could follow this model ?
5. Dave Brown
Oh come on everyone, give the Government their due - they are searching for a way to justify adoption of the cards - they know it is currently a non-starter (and always will be).
6. Nick Johnson
Once again a complete waste of Government money, we have these biometric id cards that are being given to new Asylum seekers, yet the Police are not be in a position to verify them until next year. So the point of rushing this through is for what reason, surely the card and reader should have been available at the same time.
So a Government 'bright spark' has thought of a new way - Chip and Pin within the ID and as someone has indicated how often are these compromised...
7. Neil Barrett
Mr Johnson - this isn't 'Government' money they're spending - it's ours...