By Nick Heath, 10 July 2009 10:48
INTERVIEW
...unique about you as an extra safeguard to your biographic details," she said.
"People's identities are insecure: attaching biometrics and adding an extra way of being able to verify that you are who you say you are is raising the protection on that, rather than lowering it."
While it would be foolish to claim any system is 100 per cent secure, Vernon said, she claims that the security of people's personal and biometric details will be protected by the fact that the National Identity Register (NIR) will be made up of several databases, rather than one central database.
"We do penetration testing on the databases, as well as splitting up of duties so there is not one person who can go all the way from one set of data to another.
"People think we have one giant database but we have one that holds the biographic details, one that holds the biometric details and also a data store for the PKI [public key infrastructure] details. There's different security levels round all of those," she said.
Securing the Delivery Chain
Security has also been a pressing question for the Home Office following a breach of the Data Protection Act last year, when its contractor PA Consulting lost the personal details of 84,000 prisoners.
Vernon said the department now has strict security controls for Home Office staff.
"Only a few hundred staff can now write to removable media compared to thousands before and staff have to undergo training before they are allowed to do so," she said.
"The Home Office has an encryption bureau who will protect any data that needs to be sent outside of the secure perimeter, the GSi and all memory sticks are automatically encrypted."
The Home Office's commercial directorate are working on a programme called Securing the Delivery Chain to check that contractors handling sensitive or personal data meet required security standards.
"We have written to all our existing suppliers asking whether they can assure us they are adhering to all the standards and have had to send out several reminders.
"In the instance you are talking about [PA Consulting] the contractual arrangements were in place and the standards were specified.
"We are going through all of those [contracts] and systematically assessing the risk and looking at their approaches."
The Home Office has carried out a limited number of onsite checks on suppliers for security protocol compliance, in co-ordination with similar inspection schemes in other Whitehall departments.
However, Vernon admitted there were limits on how far the Home Office can go to control the everyday workings of its service providers.
"Even though we can get people within the UK border to follow the processes, you can't necessarily get...
Comments
There are 8 comments. Join the discussion
1. Guy Herbert
Cobalt programmer? Do you mean COBOL programmer? That would be plausible in the DWP 20 years ago. I don't think Cobalt would be, being rather fancy and modern.
2. karen challinor
she may be convinced of the need for the ID card and NIR scheme and indeed goes on at length about how the biometrics will provide an extra layer of security for the card
without once providing a single reason to convince anyone else why we actually need the scheme in the first place
so, please, if you are so convinced of the need for the card and the NIR, show us the evidence that convinced you so that we may also become similarly convinced or present a counterargument
3. Ian Farrell
Can we deal with the issues and arguments about why we need cards in the first place and how they are going to make our lives better or safer.
And perhaps it might be nice to know how soon we can expect working clones of these cards to be available to the people we want to protect ourselves from.
I suspect this project to continue to be a monumental waste of taxpayers money and articles like this only serve to confirm that opinion.
4. Richard
Perhaps she worked with COBOL rather than Cobalt?
Perhaps these rosy views about the benefits of the Home Office & its ever more intrusive, ever more expensive IT projects also need correcting?
5. Terry Cee
Yeah, got to agree.
This is a techies' view - just because we can doesn't mean we should . . . . and it doesn't address half the issues already aired ad-nauseum.
Nice go at changing the direction of spin, though! She could try out in the nets in Cardiff.
6. Doomsayer
So the Home Secretary was jumping the gun when he said that ID cards would never be compulsory & appeared to be paving the way for dropping the whole project. None of that sorry crew can even sort out the truth from the spin - how do they expect to manage to get this project off the ground.
7. anonymous
I am living in Italy at present and have a (paper only!) Italian ID card.
Each time I move house, I have to go to the local comune (council) if I want to update my legal address.
No-one has mentioned this feature of ID cards in the UK, but I don't see any way of avoiding it. So the ongoing costs of the ID card scheme involve a lot of extra costs above the issuing of cards. What will happen to someone who sells up in the UK and moves abroad, do we have two ID cards, or none. At present I live in four different EU countries and have had two ID cards at the same time on many occasions. You always end up needing the card (eg in Italy to buy a car).
Can't wait to see what a mess the systems will get into.
PS I have a healthcard in Italy and in France, the two systems are both going IT and will collaborate. The UK of course has.....
8. Chris Goodman
The billions wasted on the planned ID card that is to become history next year could have saved lives if spent on troop lift helicopters. It would also have freed up a whole heap of civil servants who could have enlisted to make up the army's manpower shortfall.