Microsoft Security Exec: UK's Smart ID Cards Pose Security Risk

Oct. 19, 2005
Security expert says that there are concerns about how secure the personal data is stored

Microsoft has warned that the U.K.'s national identity card plans pose a security risk that could increase the likelihood of confidential data falling into the hands of criminals.

Jerry Fishenden, a top security and identity management expert at Microsoft, said that the British government's current technology proposals are flawed. He also criticized other technology suppliers for failing to speak out publicly about their concerns for fear of damaging any future bids for part of the lucrative contract for ID cards.

Fishenden, national technology officer at Microsoft UK, said that the plans for a central national identity register could lead to "huge potential breaches" and a leakage of personal information.

"I have concerns with the current architecture and the way it looks at aggregating so much personal information and biometrics in a single place," he said. "There are better ways of doing this. Even the biometrics industry says it is better to have biometrics stored locally."

Fishenden said no systems are ever completely secure and warned that putting vast amounts of personal data and biometric information such as iris, fingerprint and facial scans in one central database could prove too tempting a target for hackers and other criminals.

The U.K. government is backing a bill to make ID cards compulsory for all British residents. The cards, which are intended to help combat terrorism, illegal immigration and organized crime, will be based on biometric data. They have run into opposition both for the potential cost to holders and over worries about privacy and reliability.

Microsoft has expressed its concerns directly to the ID cards team at the U.K. government's Home Office, Fishenden said. Other suppliers are keeping quiet about their fears over the viability of the proposals because they want a piece of what would be a multibillion-pound project.

"Every supplier I talk to privately expresses their concerns," he said. "They seem happy to express their reservations to each other. But I don't think we have been as vocal as we should have been on this debate."

The Microsoft executive's comments come as British members of parliament are due to vote on a third reading for the Identity Cards Bill and just a day after Home Office minister Tony McNulty admitted that the proposed biometric technology has problems recognizing some people, such as those with brown eyes.

McNulty's statement followed a report in the U.K. newspaper the Independent on Sunday warning that one in 1,000 people could be incorrectly identified by the biometric systems because of difficulties in identifying those such as manual laborers who wear down their fingerprints.

------

Andy McCue of Silicon.com reported from London.